Security Incidents mailing list archives
Re: some "scanned with SSH-1.0-SSH_Version_Mapper. Don't panic." in syslog
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Thu, 27 Dec 2001 11:33:21 -0500 (EST)
On Sun, 23 Dec 2001, Matthew D. Close wrote:
There seem to be two types of scanning going on, one that looks like scanssh. Then another that's a SYN scan, with a normal reconnect to port 22 if the first scan found anything open.
scanssh -p will do that, maybe that is what is going on:

     -p ifaddr
             Specifies the address of the local interface. This is used to
             speed up the scanning by pre-probing the addresses with TCP-SYN
             packets.

makes a massive performance enhancement.

____________________________
jose nazario                                    jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
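For triaging the syslog message in this thread's subject across several hosts, the following is an added example, not part of the original post: it groups scanner-banner lines by source to separate a sweep from a one-off probe. The sample lines are constructed, and the `scanned from <ip> with <banner>` layout, host names and addresses are assumptions; the subject only shows the `scanned with SSH-1.0-SSH_Version_Mapper. Don't panic.` part.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). The "from <ip>" field and
# the syslog prefix layout are assumptions; documentation-range addresses.
SAMPLE_SYSLOG = """\
Dec 23 04:12:01 alpha sshd[811]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Dec 23 04:12:01 beta sshd[402]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Dec 23 04:12:02 gamma sshd[977]: scanned from 192.0.2.10 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
Dec 23 09:40:17 alpha sshd[903]: Accepted password for ops from 198.51.100.7 port 40112
Dec 24 18:03:44 beta sshd[455]: scanned from 203.0.113.5 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
"""

# Matches the scanner notice with or without the "from <ip>" field and
# captures the client banner up to the sentence-ending period.
SCAN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"scanned(?:\sfrom\s(?P<src>\S+))?\swith\s(?P<banner>SSH-\S+?)\.\s"
)


def scanner_events(text):
    """Yield (source, target_host, banner) for each scanner notice line."""
    for line in text.splitlines():
        m = SCAN_RE.match(line)
        if m:
            yield m["src"] or "unknown", m["host"], m["banner"]


def sweeps(text, min_hosts=2):
    """Return {source: [hosts]} for sources seen on at least min_hosts hosts.

    One source hitting many hosts within the same log is the signature of a
    range scan; a single hit is kept out unless min_hosts is lowered to 1.
    """
    seen = defaultdict(set)
    for src, host, _banner in scanner_events(text):
        seen[src].add(host)
    return {s: sorted(h) for s, h in seen.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for src, hosts in sweeps(SAMPLE_SYSLOG).items():
        print(f"{src} probed {len(hosts)} hosts: {', '.join(hosts)}")
```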