Security Incidents mailing list archives
Re: Automated SSH scanning
From: David Goldsmith <dave.goldsmith () INTELSAT INT>
Date: Wed, 26 Jul 2000 08:19:22 -0400
According to the last paragraph on the page you reference, they are willing to exclude netblocks: "If you truly have a problem with this machine sampling your hosts, please filter traffic originating from ssh-research-scanner.ucs.ualberta.ca (129.128.8.230) Alternatively, if you are unable to filter the traffic to your net originating from this host, please email a list of your network blocks to exclude () ssh-research-scanner ucs ualberta ca. We will add your networks to an exclusion list of addresses that will not be examined, and e-mail you back a confirmation of this." R/S Dave Goldsmith -----Original Message----- From: John Kristoff [mailto:jtk () DEPAUL EDU] Sent: Monday, July 24, 2000 8:07 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Automated SSH scanning Saw some SSH probes today, which frightened me somewhat. It turns out to be survey profiling device. This machine (the source of the probes), offer's some brief details: http://ssh-research-scanner.ucs.ualberta.ca/ Although it would be nice if *they* filtered the netblocks people didn't want scanned rather than placing the burden on the sites they are scanning. John
Current thread:
- Re: Automated SSH scanning Mimic Doppelganger (Jul 25)
- <Possible follow-ups>
- Re: Automated SSH scanning David Goldsmith (Jul 26)