Re: Someone scanned my ssh daemon
Quoting Mark Devin <mdevin@ozemail.com.au>:
> Hash: SHA1
>
> It looks as though someone is trying to crack my box through ssh. This
> is what logcheck emailed me:
> - -- snip --
> Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
> Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
> Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with
> SSH-1.0-SSH_Version_Mapper. Don't panic.
> Jun 16 04:36:04 jack sshd[20026]: Did not receive identification string
> from 212.202.204.149
> - -- end snip --
>
> What is this? I have never seen that scanned message before. Is this a
> concern? I am running Woody and all packages are up-to-date with
> security fixes from the debian security site.
>
This has been around for ages. Just your unfriendly neighborhood
Earth script kiddie. If it keeps up from the same or similar address,
then I might start worrying.
Jeffrey
Reply to: