Security Incidents mailing list archives

Re: Anyone else seeing SSH scans?


From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Thu, 29 Jul 2004 18:52:33 +0200 (MET DST)

They must be using a custom SSH client because it says "Bye Bye" when it
disconnects from the server:

Jul 27 07:44:47 mbox sshd[3821]: Received disconnect from 61.193.179.162: 11: Bye Bye
Jul 27 07:44:50 mbox sshd[3822]: Received disconnect from 61.193.179.162: 11: Bye Bye
Jul 27 21:21:17 mbox sshd[27838]: Received disconnect from 216.99.211.35: 11: Bye Bye
Jul 27 21:21:20 mbox sshd[27839]: Received disconnect from 216.99.211.35: 11: Bye Bye
Jul 28 17:43:35 mbox sshd[28247]: Received disconnect from 211.219.5.170: 11: Bye Bye
Jul 28 17:43:38 mbox sshd[28248]: Received disconnect from 211.219.5.170: 11: Bye Bye
Jul 29 05:31:27 mbox sshd[14330]: Received disconnect from 131.104.49.33: 11: Bye Bye
Jul 29 05:31:29 mbox sshd[14331]: Received disconnect from 131.104.49.33: 11: Bye Bye

(Please note OpenSSH does not log this info unless LogLevel >= VERBOSE.)

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
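
An added example, not part of the original post: a small Python filter that groups sshd "Received disconnect" lines by source address and reports any disconnect description outside a local allowlist, which is how the "Bye Bye" client stands out. The log lines, the addresses (RFC 5737 documentation ranges), the user name and the allowlist are constructed assumptions; handling of the newer "port N ... [preauth]" line format goes beyond the format shown in the post.

```python
import re
from collections import defaultdict

# Matches the older sshd format shown in the post ("from IP: 11: text") and the
# newer one ("from IP port N:11: text [preauth]").
DISCONNECT_RE = re.compile(
    r"sshd\[\d+\]: Received disconnect from (?P<ip>[0-9A-Fa-f.:]+)"
    r"(?: port \d+)?:\s*(?P<code>\d+):\s*(?P<desc>.*?)(?: \[preauth\])?$"
)

# Assumption: descriptions your own clients send on a normal close; adjust locally.
# A stock OpenSSH client sends "disconnected by user" with reason code 11
# (SSH_DISCONNECT_BY_APPLICATION in RFC 4253).
EXPECTED_DESCRIPTIONS = {"disconnected by user"}


def unusual_disconnects(lines, expected=EXPECTED_DESCRIPTIONS):
    """Return {ip: {(code, description): count}} for descriptions not in `expected`."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = DISCONNECT_RE.search(line.rstrip("\n"))
        if m and m.group("desc") not in expected:
            hits[m.group("ip")][(int(m.group("code")), m.group("desc"))] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}


# Constructed sample log, modelled on the line format quoted in the post.
SAMPLE_LOG = """\
Jul 27 07:44:47 mbox sshd[3821]: Received disconnect from 192.0.2.10: 11: Bye Bye
Jul 27 07:44:50 mbox sshd[3822]: Received disconnect from 192.0.2.10: 11: Bye Bye
Jul 27 08:02:11 mbox sshd[3900]: Received disconnect from 198.51.100.7: 11: disconnected by user
Jul 27 09:15:03 mbox sshd[4012]: Accepted password for alice from 198.51.100.7 port 40112 ssh2
Jul 28 17:43:35 mbox sshd[28247]: Received disconnect from 203.0.113.5 port 51234:11: Bye Bye [preauth]
""".splitlines()

if __name__ == "__main__":
    for ip, counts in sorted(unusual_disconnects(SAMPLE_LOG).items()):
        for (code, desc), n in counts.items():
            print(f"{ip}\tcode={code}\tdesc={desc!r}\tcount={n}")
```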

