log entry question on sshd
Amanda Lee
amanda at shellworld.net
Wed Jan 23 23:13:02 EST 2002
Beat me to it! Was pointed out last week when I took the TCP/IP class.
Now going to go key in the IPs I see here after Comcast allegedly cut over
from the @home debacle to their network yesterday. I do see a different
numbering series and am curious to know who these are registered to.
Amanda Lee
----- Original Message -----
From: "Darrell Shandrow" <nu7i at azboss.net>
To: <speakup at braille.uwo.ca>
Sent: Wednesday, January 23, 2002 10:58 PM
Subject: Re: log entry question on sshd
> Hi Raul,
>
> You could access the ARIN (American Registry of Internet Numbers) web site
> at http://www.arin.net to find out the provider who has registered the IP
> address in question, and contact that provider. I have certainly dealt
> with those sorts of security inquiries at work on a number of occasions.
>
>
> At 09:11 AM 1/23/2002 -0600, you wrote:
> >Darrell Shandrow said the following on Tue, Jan 22, 2002 at 08:43:41PM -0700:
> > > Hi Raul,
> > >
> > > Hmmm, looks like a rather persistent port scan, in my estimation.
> > >
> > > At 11:04 PM 1/20/2002 -0600, you wrote:
> > > >Hey gang. I received this log entry and am not sure if it's a portscan
> > > >of some type or not. Anyone seen this before?
> > > >
> > > >Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
> > > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> > > >Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
> > > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> > > >Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
> > > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> >
> >
> >I thought so at first but usually portscans will scan more ports than
> >ssh. Besides I'm not worried about anyone breaking in via ssh. My ssh
> >is secure and does not allow root to ssh in anyway. I also didn't see
> >any other portscans on any other ports. What it seems to me is that
> >they were trying to use ssh1 to connect on ssh2 or something but who
> >knows. It has not happened since so I am not worried.
> >
> >--
> >We are writing this e-mail to inform you that the mail server is down.
> >Please do not call the help desk for assistance. To see the progress of
> >any outage refer to your e-mail notifications.
> >Raul A. Gallegos - http://www.asmodean.net
> >
> >_______________________________________________
> >Speakup mailing list
> >Speakup at braille.uwo.ca
> >http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
> Best regards and happy New Year,
> Darrell
> Access technology consulting / network and UNIX systems administration.
>
>
>
>
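An added example, not part of any message in this thread: a Python sketch that tallies the sshd scan notices quoted above by source address and picks out the addresses worth a registry lookup such as the ARIN query Darrell suggests. The last two sample lines, the function names and the assumed year (syslog lines carry none) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# The first three entries are the ones quoted in the thread ("+" marks a line
# the mailer wrapped); the last two are constructed to exercise the filters.
SAMPLE = """\
Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 20 19:30:11 saidin sshd[4231]: scanned from 192.168.1.5 with SSH-1.0-test. Don't panic.
Jan 20 19:31:02 saidin sshd[4240]: Accepted password for raul from 10.0.0.7 port 1022
"""

SCAN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s+"
    r"scanned from (?P<src>\S+) with\s+(?P<banner>\S+)\.\s+Don't panic\.$")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines (leading '+') onto their entry."""
    return re.sub(r"\s*\n\+", " ", text).splitlines()

def summarize_scans(text, year=2002):
    """Group scan notices by source address: banners seen and hit times."""
    hits = defaultdict(lambda: {"banners": set(), "times": []})
    for entry in unwrap(text):
        m = SCAN_RE.match(entry)
        if not m:
            continue  # some other sshd message
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits[m["src"]]["banners"].add(m["banner"])
        hits[m["src"]]["times"].append(when)
    return dict(hits)

def registry_lookup_candidates(summary):
    """Sources worth a registry query: valid, globally routable addresses."""
    out = []
    for src in summary:
        try:
            if ipaddress.ip_address(src).is_global:
                out.append(src)
        except ValueError:
            pass  # the log held a hostname, not an address
    return sorted(out)
```

On the sample, the three quoted entries collapse into one source with a single client banner and hits spread over a few minutes, which is the pattern the thread is discussing.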