HTTP over SSH probes?

To: debian-security@lists.debian.org
Subject: HTTP over SSH probes?
From: "Kevin B. McCarty" <kmccarty@Princeton.EDU>
Date: Fri, 3 Jun 2005 08:42:32 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.61.0506030833250.7478@boater.Princeton.EDU>
Reply-to: kmccarty@Princeton.EDU

Hi list,

What on earth is up with the latest log entries where something isapparently trying to speak HTTP on the SSH port? Any ideas?


Example:
Jun  2 17:46:42 benjo sshd[17291]: Bad protocol version identification 'GET http://www.sciencedirect.com/ HTTP/1.1' from ::ffff:202.207.192.30
The IP in this case seems to be in China.

As far as I can tell nothing is listening at www.sciencedirect.com:22. Theweb site on port 80 at www.sciencedirect.com is a self-proclaimed "digitallibrary" of some sort.

But why would random IPs be requesting sciencedirect.com at my workstationwhich has nothing to do with it? Even for a worm that doesn't make anysense.


regards,

--
Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG: public key ID 4F83C751                 Princeton, NJ 08544

Reply to:

Follow-Ups:
- Re: HTTP over SSH probes?
  - From: Martin Minkler <dukeofnukem@gmx.net>
- Re: HTTP over SSH probes?
  - From: sfritsch@ph.tum.de

Prev by Date: Re: Please allow drupal 4.5.3-1
Next by Date: Re: HTTP over SSH probes?
Previous by thread: Debian-security
Next by thread: Re: HTTP over SSH probes?
Index(es):
- Date
- Thread