log entry question on sshd
Raul A. Gallegos
raul at asmodean.net
Wed Jan 23 10:11:14 EST 2002
Darrell Shandrow said the following on Tue, Jan 22, 2002 at 08:43:41PM -0700:
> Hi Raul,
>
> Hmmm, looks like a rather persistent port scan, in my estimation.
>
> At 11:04 PM 1/20/2002 -0600, you wrote:
> >Hey gang. I received this log entry and am not sure if it's a portscan
> >of some type or not. Anyone seen this before?
> >
> >Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
> >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> >Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
> >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> >Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
> >+SSH-1.0-SSH_Version_Mapper. Don't panic.
I thought so at first but usually portscans will scan more ports than
ssh. Besides I'm not worried about anyone breaking in via ssh. My ssh
is secure and does not allow root to ssh in anyway. I also didn't see
any other portscans on any other ports. What it seems to me is that
they were trying to use ssh1 to connect on ssh2 or something but who
knows. It has not happened since so I am not worried.
--
We are writing this e-mail to inform you that the mail server is down.
Please do not call the help desk for assistance. To see the progress of
any outage refer to your e-mail notifications.
Raul A. Gallegos - http://www.asmodean.net
More information about the Speakup
mailing list