Wireshark mailing list archives

Re: Very strange SSH probe

From: Andrew Hood <ajhood () fl net au>
Date: Tue, 13 Jul 2010 13:53:08 +1000

Michael Glenn wrote:

Anyone else seeing this? 
 
Every five to six minutes, my Linux boxes are seeing a single connection attempt via SSH. What makes this unusual is 
that the user ID is always 'test1' and the source IPs are all over the map; I don't think I've seen the same IP 
address twice yet.


I don't get them every few minutes because for a number of years I have
been using an automated process to add compete suballocations which have
had IP addresses send ssh probes to the firewall rules.

It is down to about a dozen a day.
-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

question, how to output specific fields in a complex packet using tshark command line damker (Jul 12)
- Very strange SSH probe Michael Glenn (Jul 12)
  - Re: Very strange SSH probe Martin Visser (Jul 12)
  - Re: Very strange SSH probe Andrew Hood (Jul 12)
- Re: question, how to output specific fields in a complex packet using tshark command line Martin Visser (Jul 12)
  - 答复: question, how to output specific fields in a complex packet using tshark command line damker (Jul 12)
    - Re: [Wireshark-users] 答复: question, how to output specific fields in a complex packet using tshark command line Martin Visser (Jul 12)
    - 答复: 答复: question, how to output specific fields in a complex packet using tshark command line damker (Jul 13)
    - Re: [Wireshark-users] 答复: 答复: question, how to output specific fields in a complex packet using tshark command line Martin Visser (Jul 13)