Security Incidents mailing list archives
RE: Anyone else seeing SSH scans?
From: "R Michael Williams" <RMichael.Williams () ardenthealth com>
Date: Wed, 28 Jul 2004 12:41:01 -0500
Unless there's an exploit/rootkit that installs/uses a preconfigured SSH daemon of some sort. It's not uncommon to see probes for already exploited machines. It also might not be uncommon for companies that used to allow telnet on their perimeter before, to now allow SSH since it's "secure." We know use of SSH is _part_ of a secure remote solution, but not the whole solution. Others may not realize that yet. Just the vague ramblings of a dangerous mind.... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ R. Michael Williams, CISSP, GCIH Senior Security Architect Ardent Health Services Nashville, TN 615.296.3267 (office) 615.416.4564 (mobile) -----Original Message----- From: sk () onlaw at [mailto:sk () onlaw at] Sent: Wednesday, July 28, 2004 4:30 AM To: incidents () securityfocus com Subject: Re: Anyone else seeing SSH scans? Hi! I've also encountered these scans twice a day from different IPs. Remarkable is that these scans alle originate from different Asian countries (mostly.jp && .kr).
Is this something new, or just people looking for badly configured
machines? I can't think of an sshd configured that badly, but who knows... Stefan <snip> Privileged and Confidential: The information contained in this e-mail message is intended only for the personal and confidential use of the intended recipient(s). If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.
Current thread:
- Anyone else seeing SSH scans? Matthew Dharm (Jul 27)
- Re: Anyone else seeing SSH scans? Charles Heselton (Jul 28)
- Re: Anyone else seeing SSH scans? Ed J. Aivazian (Jul 28)
- Re: Anyone else seeing SSH scans? Seth J. Blank (Jul 28)
- Re: Anyone else seeing SSH scans? Jon Lewis (Jul 29)
- <Possible follow-ups>
- Re: Anyone else seeing SSH scans? sk (Jul 28)
- Re: Anyone else seeing SSH scans? Hossein Rafighi (Jul 29)
- RE: Anyone else seeing SSH scans? Andrew Kopp ( Tor ZEW ) (Jul 28)
- RE: Anyone else seeing SSH scans? R Michael Williams (Jul 29)
- RE: Anyone else seeing SSH scans? Ian Hayes (Jul 29)
- RE: Anyone else seeing SSH scans? GUSAIN, SUBODH (Jul 29)