Identification String spam from known hosts



Hello,

Web searches on this issue are polluted by logs of hacking attempts and suchlike; can't find any simple technical explanation of the condition that's actually triggering it, though.

Host's logs are filled with "Did not receive identification string from x.x.x.x" messages when i am connected to the host *from* x.x.x.x at a rate of one every 2-3 minutes. What is the cause of sshd's ire?

x.x.x.x which i am connecting from is a Gentoo system, using ebuild openssh-4.2_p1-r1.
The host is Ubuntu using openssh-server 1:4.1p1-7ubuntu4.

Across the network, i have noticed that a few Debian systems consistently complain in this manner about Gentoo systems that connect to them. I am assuming the ssh client on gentoo is (or isn't...) sending something to the remote host that it doesn't like, but i'm not sure where to start looking, even...

--
Rob Munsch
Solutions For Progress IT



Relevant Pages

  • Nimda mostly infects /8-locally.
    ... Subject: Nimda mostly infects /8-locally. ... addresses encountered in the logs): ... This means, in particular, that the probability for Nimda to attack ... a host in the same /8 portion of the IP address space is ...
    (Incidents)
  • Re[2]: Spoofed RFC1918 Network Source Addresses...
    ... Just for clarification, the host: ... exists outside the firewall and the 10.x.x.x network addresses exist ... which given my theory (of return packets) does not make much ... RF> Logs would be useful, ...
    (Incidents)
  • Re: SOHO firewall dropping incoming 443 connections - incorrect state
    ... I take it this sample snip of your logs is from a single session? ... client host connecting to the firewall was a single host. ... because of the nature of HTTPS requests it uses a different ephemeral ...
    (comp.security.firewalls)
  • Re: Dynamic Update Policy.....
    ... com>, Gary Greene writes: ... I'm getting errors in the logs on the system that the host is being ... however the forward zone does not. ...
    (comp.protocols.dns.bind)
  • Re: DHCP Logging (cant find a solution!)
    ... ISA doesn't have "Client Host name" in Web logs (as it does in Firewall ... Don't use SecureNAT Clients and you will always ...
    (microsoft.public.windows.server.networking)