what is this? (sshd messages in log)

To: debian-user@lists.debian.org
Subject: what is this? (sshd messages in log)
From: dman <dsh8290@rit.edu>
Date: Thu, 24 Jan 2002 23:29:26 -0500
Message-id: <[🔎] 20020125042926.GA3813@dman.ddts.net>
Mail-followup-to: debian-user@lists.debian.org

I'm sitting at home on the console right now.  I noticed this in
xconsole, copied from /var/log/auth.log :

Jan 24 23:23:50 dman sshd[3760]: Did not receive identification string from 216.153.138.132
Jan 24 23:24:37 dman sshd[3776]: Disconnecting: Corrupted check bytes on input.

It appears that someone is trying to ssh to my machine, but didn't do
it right.  Is this deduction correct?  I looked up that machine and
found :

$ host 216.153.138.12
Name: host-216-153-138-12.choiceone.net
Address: 216.153.138.12

$ nmap 216.153.138.12

(The 1545 ports scanned but not shown below are in state: closed)
Port       State       Service
137/tcp    filtered    netbios-ns              
138/tcp    filtered    netbios-dgm             
139/tcp    filtered    netbios-ssn             
5631/tcp   open        pcanywheredata          


Looks like a windows machine to me.  Is this just a fluke, or is there
some new worm/exploit going around?

Any thoughts, comments?

-D

-- 

"He is no fool who gives up what he cannot keep to gain what he cannot lose."
        --Jim Elliot

Reply to:

Follow-Ups:
- RE:what is this? (sshd messages in log)
  - From: Andrew Agno <agno@AI.SRI.COM>
- Re: what is this? (sshd messages in log)
  - From: Eric G.Miller <egm2@jps.net>
- Re: what is this? (sshd messages in log)
  - From: Acheron <acheron@sympatico.ca>

Prev by Date: Quake III
Next by Date: RE:what is this? (sshd messages in log)
Previous by thread: Re: Quake III
Next by thread: RE:what is this? (sshd messages in log)
Index(es):
- Date
- Thread