Re: Someone scanned my ssh daemon

To: debian-security@lists.debian.org
Subject: Re: Someone scanned my ssh daemon
From: "Jeffrey L. Taylor" <jeff@austinblues.dyndns.org>
Date: Sun, 15 Jun 2003 18:56:17 -0500
Message-id: <[🔎] 20030615235617.GR27968@pogo.bearhouse.lan>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 3EECFBB0.9020405@ozemail.com.au>
References: <[🔎] 3EECFBB0.9020405@ozemail.com.au>

Quoting Mark Devin <mdevin@ozemail.com.au>:
> Hash: SHA1
> 
> It looks as though someone is trying to crack my box through ssh.  This
> is what logcheck emailed me:
> - -- snip --
> Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
> Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
> Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with
> SSH-1.0-SSH_Version_Mapper.  Don't panic.
> Jun 16 04:36:04 jack sshd[20026]: Did not receive identification string
> from 212.202.204.149
> - -- end snip --
> 
> What is this?  I have never seen that scanned message before.  Is this a
> concern?  I am running Woody and all packages are up-to-date with
> security fixes from the debian security site.
> 

This has been around for ages.  Just your unfriendly neighborhood
Earth script kiddie.  If it keeps up from the same or similar address,
then I might start worrying.

Jeffrey

Reply to:

References:
- Someone scanned my ssh daemon
  - From: Mark Devin <mdevin@ozemail.com.au>

Prev by Date: re: Secure Proxy
Next by Date: Re: Someone scanned my ssh daemon
Previous by thread: Someone scanned my ssh daemon
Next by thread: Re: Someone scanned my ssh daemon
Index(es):
- Date
- Thread