Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog

From: Jose Nazario (
Date: 12/27/01

Date: Thu, 27 Dec 2001 11:33:21 -0500 (EST)
From: Jose Nazario <>
To: "Matthew D. Close" <>

On Sun, 23 Dec 2001, Matthew D. Close wrote:

> There seem to be two types of scanning going on, one that looks like
> scanssh. Then another that's a SYN scan, with a normal reconnect to
> port 22 if the first scan found anything open.

scanssh -p will do that, maybe that is what is going on:

     -p ifaddr
             Specifies the address of the local interface. This is used to
             speed up the scanning by pre-probing the addresses with TCP-SYN

makes a massive performance enhancement.

jose nazario
                           PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: