Security Incidents mailing list archives
ssh scans
From: "Chad Mawson" <CMAWSON () woodsaitken com>
Date: Fri, 28 Sep 2001 15:42:52 -0500
I vaguely remember seeing something about this a month or so ago, but I don't remember any details. I am getting attempts 1-2 times a day from different IP addresses on TCP port 22. nmap returns this: Port State Protocol Service 21 open tcp ftp 22 open tcp ssh 23 open tcp telnet 80 filtered tcp http 5001 open tcp commplex-link I can't get a telnet, or http response, but ssh and ftp do. FTP - (not trying to log in, just getting the headers) shows: 220 ArrowPoint (5.3.1) FTP server ready Name (216.34.77.12:root): 331 Password required Password: 530 Login failed. Login failed. ftp> quit 221 Thank you for visiting. May the remainder of your day be filled with joy. I also can't find any good info on the port 5001, I'm assuming these systems have been compromised, but I'd like to make sure before I start trying to contact anyone. Thanks Chad Mawson Woods & Aitken LLP ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ssh scans Chad Mawson (Sep 28)
- Re: ssh scans Heather Adkins (Sep 28)
- Re: ssh scans Matthew Leeds (Sep 28)
- Re: ssh scans Heather Adkins (Sep 28)