Security Incidents mailing list archives
Increase in SSH scans
From: Robert Rich <rrich () gstisecurity com>
Date: Mon, 09 Sep 2002 06:14:18 -0400
I will normally get two or three hits on ssh per day. From LogWatch this morning:---------------- Connections (secure-log) Begin -------------------
**Unmatched Entries** Sep 29 09:38:38 low sshd[17083]: Did not receive identification string from 155.135.21.52 Sep 29 09:38:50 low sshd[17084]: Did not receive identification string from 155.135.21.52 Sep 29 10:39:59 low sshd[17134]: Did not receive identification string from 64.86.51.194 Sep 29 11:14:58 low sshd[17172]: Did not receive identification string from 192.100.172.221 Sep 29 11:15:34 low sshd[17175]: Did not receive identification string from 141.158.192.201 Sep 29 11:48:20 low sshd[17201]: Did not receive identification string from 63.94.149.93 Sep 29 11:51:24 low sshd[17211]: Did not receive identification string from 195.39.45.186 Sep 29 18:44:03 low sshd[17692]: Did not receive identification string from 66.84.209.226 Sep 29 19:03:35 low sshd[17718]: Did not receive identification string from 66.150.105.38 Sep 29 19:18:32 low sshd[17736]: Did not receive identification string from 210.33.44.12 Sep 29 19:59:58 low sshd[17774]: Did not receive identification string from 163.180.17.91 Sep 29 20:33:03 low sshd[17807]: Did not receive identification string from 196.40.3.74 Sep 29 20:42:53 low sshd[17815]: Did not receive identification string from 140.127.192.30At least one of the hosts involved shows up at dshield.org with evidence of a slapper infestation.
Anyone seeing anything similar? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Increase in SSH scans Robert Rich (Sep 30)
- WinXP integrated packet filtering Maxime Ducharme (Sep 30)
- <Possible follow-ups>
- RE: Increase in SSH scans Keith T. Morgan (Sep 30)