Re: Scans for telnetd on DNS servers.

I wonder...

Could this be a SSH scan by some stupid script kiddie that mistook the
telnet port# for that of SSH?


I observed a sudden increase of 23/tcp probes on Feb 28 at 16:00 GMT
(from more or less zero to approx. 1500 probes per hour). It lasted for
10 hours, then it stopped almost quickly as it started. It was neither a
focused probing of a certain kind of devices, nor any systematic sweep --
various IP addresses (including broadcast and other reserved addresses) in
our network were hit in a seemingly random manner.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--
"Resistance is futile. Open your source code and prepare for

Relevant Pages

  • Zero Day Exploit for SSH?
    ... Received the following email from my hosting provider but I can't seem ... to find any details on this zero day exploit anywhere on the web. ... There's some brief mention of some sites being exploited running SSH ... To our lay clients who may not comprehend what SSH is -- even better, ...
  • Re: warning: remote host identification has changed!
    ... Non zero. ... and created a new ssh key and root password. ... admin verify the right keys for you by telling you the output of them ...
  • Re: 5.1 & telnet
    ... >>the telnet port, so I'm not worried about outside access. ... Did you configure hosts.allow and such, for the ssh session. ...