ssh scans
From: Chad Mawson (CMAWSON@woodsaitken.com)
Date: 09/28/01
- Previous message: Xno Xutz: "re: Syn packets hitting port 80, not webserver"
- Next in thread: Heather Adkins: "Re: ssh scans"
- Reply: Heather Adkins: "Re: ssh scans"
Subject: ssh scans
Date: Fri, 28 Sep 2001 15:42:52 -0500
Message-ID: <6B8805064086D64E961BE89BCAFB4E771809A2@wa2.woodsaitken.com>
From: "Chad Mawson" <CMAWSON@woodsaitken.com>
To: "INCIDENTS (E-mail)" <INCIDENTS@SECURITYFOCUS.COM>
I vaguely remember seeing something about this a month or so ago, but I
don't remember any details. I am getting attempts 1-2 times a day from
different IP addresses on TCP port 22.
nmap returns this:
Port    State       Protocol  Service
21      open        tcp       ftp
22      open        tcp       ssh
23      open        tcp       telnet
80      filtered    tcp       http
5001    open        tcp       commplex-link
I can't get a telnet or http response, but ssh and ftp do. FTP (not
trying to log in, just getting the headers) shows:
220 ArrowPoint (5.3.1) FTP server ready
Name (216.34.77.12:root):
331 Password required
Password:
530 Login failed.
Login failed.
ftp> quit
221 Thank you for visiting. May the remainder of your day be filled with joy.
I also can't find any good info on port 5001. I'm assuming these
systems have been compromised, but I'd like to make sure before I start
trying to contact anyone.
Thanks
Chad Mawson
Woods & Aitken LLP
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com