Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog
From: Jose Nazario (jose@biocserver.BIOC.cwru.edu)Date: 12/27/01
- Previous message: Alvin Oga: "RE: NT Compromise -- Update -- SRC PORT: 53 traffic"
- In reply to: Matthew D. Close: "Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Dec 2001 11:33:21 -0500 (EST) From: Jose Nazario <jose@biocserver.BIOC.cwru.edu> To: "Matthew D. Close" <mclose@exodus.net>
On Sun, 23 Dec 2001, Matthew D. Close wrote:
> There seem to be two types of scanning going on, one that looks like
> scanssh. Then another that's a SYN scan, with a normal reconnect to
> port 22 if the first scan found anything open.
scanssh -p will do that, maybe that is what is going on:
-p ifaddr
Specifies the address of the local interface. This is used to
speed up the scanning by pre-probing the addresses with TCP-SYN
packets.
makes a massive performance enhancement.
____________________________
jose nazario jose@cwru.edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Alvin Oga: "RE: NT Compromise -- Update -- SRC PORT: 53 traffic"
- In reply to: Matthew D. Close: "Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
