I'm sitting at home on the console right now. I noticed this in
xconsole, copied from /var/log/auth.log:
Jan 24 23:23:50 dman sshd[3760]: Did not receive identification string from 216.153.138.132
Jan 24 23:24:37 dman sshd[3776]: Disconnecting: Corrupted check bytes on input.
It appears that someone is trying to ssh to my machine, but didn't do
it right. Is this deduction correct? I looked up that machine and
found:
$ host 216.153.138.12
Name: host-216-153-138-12.choiceone.net
Address: 216.153.138.12
$ nmap 216.153.138.12
(The 1545 ports scanned but not shown below are in state: closed)
Port       State       Service
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn
5631/tcp   open        pcanywheredata
Looks like a Windows machine to me. Is this just a fluke, or is there
some new worm/exploit going around?
Any thoughts, comments?
-D
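
Added example, not part of the original post: a small Python parser for the two sshd messages quoted above. It shows that only the first line carries a source address and that the second comes from a different sshd process (PID), so these two lines alone do not attribute it to the same host. The event labels and function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the two auth.log lines quoted in the post.
SAMPLE = """\
Jan 24 23:23:50 dman sshd[3760]: Did not receive identification string from 216.153.138.132
Jan 24 23:24:37 dman sshd[3776]: Disconnecting: Corrupted check bytes on input.
"""

# Classic syslog prefix: timestamp, host, sshd[pid], then the message.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# Labels are hypothetical names chosen for this example.
PATTERNS = [
    # Client connected but never sent an SSH version banner.
    ("no_banner",
     re.compile(r"^Did not receive identification string from (?P<src>\S+)$")),
    # Server dropped the session; this message carries no peer address.
    ("bad_check_bytes",
     re.compile(r"^Disconnecting: Corrupted check bytes on input\.$")),
]

def classify(line):
    """Return an event dict for a recognised sshd line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    for label, pat in PATTERNS:
        hit = pat.match(m["msg"])
        if hit:
            return {"ts": m["ts"], "pid": int(m["pid"]), "event": label,
                    "src": hit.groupdict().get("src")}
    return None

def summarize(text):
    """Group events by source address; keep address-less events apart."""
    by_src, unattributed = defaultdict(list), []
    for line in text.splitlines():
        ev = classify(line)
        if ev is None:
            continue
        (by_src[ev["src"]] if ev["src"] else unattributed).append(ev)
    return dict(by_src), unattributed

if __name__ == "__main__":
    by_src, unattributed = summarize(SAMPLE)
    print("by source:", by_src)
    print("no source in message:", unattributed)
```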