Re: Strange SSHD Behaviour
From: Seth Arnold (sarnold@wirex.com)Date: 09/12/02
- Previous message: Annette Meriste: "Re: Strange SSHD Behaviour"
- In reply to: Naseer Bhatti: "Strange SSHD Behaviour"
- Next in thread: Hugo van der Kooij: "Re: Strange SSHD Behaviour"
- Next in thread: Kurt Seifried: "Re: Openssh and sendmail signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 11 Sep 2002 15:09:04 -0700 From: Seth Arnold <sarnold@wirex.com> To: focus-linux <focus-linux@securityfocus.com>
On Thu, Sep 12, 2002 at 12:55:51AM +0500, Naseer Bhatti wrote:
> Sep 10 01:15:33 redy sshd[5332]: scanned from 66.x.x.253 with
> SSH-1.0-SSH_Version_Mapper_Servers_Alive_3.1.1043. Don't panic.
[...]
> is this some sort of scanning or internal sshd behavior? I am using Open SSH
> 3.4 with Protocol 2 only on Linux. I am getting this from mainly 2 IPs on
> the same network I am. Any help would be appreciated.
This is more or less normal behavior. It means someone on your network
is scanning your ssh daemon to see what version you are running.
Normally, system administrators run this every once in a while to make
sure their users don't have vulnerable ssh daemons running.
http://www.citi.umich.edu/u/provos/ssh/ for the most popular ssh
scanning program.
Just make sure you are up-to-date with openssh patches and don't panic. :)
-- It seems the power has been robbed from the founding fathers and is now firmly in the hand of the funding fathers -- Rik van Riel
- application/pgp-signature attachment: stored
- Previous message: Annette Meriste: "Re: Strange SSHD Behaviour"
- In reply to: Naseer Bhatti: "Strange SSHD Behaviour"
- Next in thread: Hugo van der Kooij: "Re: Strange SSHD Behaviour"
- Next in thread: Kurt Seifried: "Re: Openssh and sendmail signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
