[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: About SSH scanning
From: Joan Miquel Vigo <jmv () icf ! uab ! es>
Date: 2004-07-29 10:53:47
Message-ID: 20040729105347.M18754 () icf ! uab ! es
[Download RAW message or body]
Hi there.
I've read the topics about SSH attacks & SSH incidents posted recently, so I
reviewed some logs and this is what I've found:
scanned from 150.101.181.246 with SSH-1.0-SSH_Version_Mapper. Don't panic
I've checked ARIN and Google:
- the IP is from an australian ISP (eth503.qld.adsl.internode.on.net)
- the SSH Version Mapper is a scanner that probes SSH servers for their
software version and which hosts run vulnerable versions. Paper available at
http://www.citi.umich.edu/techreports/reports/citi-tr-01-13.pdf and you can
get the source code at http://www.monkey.org/~provos/scanssh/
On the other hand, I've not found any login attempt using 'test'
Regards
Joan Miquel Vigo
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic