Security Incidents mailing list archives
Re: slowish ssh scan from 149.69.85.65
From: Nate Campi <nate () campin net>
Date: Tue, 4 Dec 2001 21:36:10 -0800
begin Russell Fulton quotation of Wed, Dec 05, 2001 at 03:19:58PM +1300:
Greetings All, starting on 4th Dec 2001 at 19:47 (UTC) we saw an unusual scan from 149.69.85.65 (owned by St. John Fisher College (NET-PSINET-B-69)) who have been notified -- no response yet.
Confirmed here: Dec 4 22:45:56 DNSSERVER sshd[7396]: [ID 702911 auth.warning] DNS lookup failed for 149.69.85.65. This host is supposed to be protected by router ACLs, but apparently not :( We'll be closing the hole shortly. -- Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79 Key fingerprint = BF12 722F 8799 E614 33CC FAB7 5A90 C464 C17A EF79 Corporations are not evil. That kind of anthropomorphism is inappropriate. Corporations are too stupid to be evil, only people can be that. -jwz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- slowish ssh scan from 149.69.85.65 Russell Fulton (Dec 04)
- Re: slowish ssh scan from 149.69.85.65 Nate Campi (Dec 05)
- Re: slowish ssh scan from 149.69.85.65 Andreas Östling (Dec 05)
- Re: slowish ssh scan from 149.69.85.65 Glenn Forbes Fleming Larratt (Dec 05)
- Re: slowish ssh scan from 149.69.85.65 Jim Watt (Dec 05)
- Re: slowish ssh scan from 149.69.85.65 Nate Campi (Dec 05)