Security Incidents mailing list archives
About SSH scanning
From: Joan Miquel Vigo <jmv () icf uab es>
Date: Thu, 29 Jul 2004 11:53:47 +0100
Hi there. I've read the topics about SSH attacks & SSH incidents posted recently, so I reviewed some logs and this is what I've found: scanned from 150.101.181.246 with SSH-1.0-SSH_Version_Mapper. Don't panic I've checked ARIN and Google: - the IP is from an australian ISP (eth503.qld.adsl.internode.on.net) - the SSH Version Mapper is a scanner that probes SSH servers for their software version and which hosts run vulnerable versions. Paper available at http://www.citi.umich.edu/techreports/reports/citi-tr-01-13.pdf and you can get the source code at http://www.monkey.org/~provos/scanssh/ On the other hand, I've not found any login attempt using 'test' Regards Joan Miquel Vigo
Current thread:
- About SSH scanning Joan Miquel Vigo (Jul 29)