Re: Automated SSH scanning

[Mimic Doppelganger <mimics_clone () HOTMAIL COM>]

What differentiates a hostile scan from an unwelcome benign scan?  Does the
fact that an operator has the balls to put up a web-site, admitting that (he
|| she || it) is allegedly scanning random ip addresses for commercial
and/or academic reasons, mitigate the operator's behavior?  Do not take this
as an accusation of wrong doing or dark motives -- it is just difficult to
separate these actions from the behavior of JQ Cracker.

A


Date: Mon, 24 Jul 2000 19:06:48 -0500
From: John Kristoff <jtk () DEPAUL EDU>
Reply-To: jtk () aharp is-net depaul edu
To: INCIDENTS () SECURITYFOCUS COM
Subject: Automated SSH scanning

Saw some SSH probes today, which frightened me somewhat.  It turns out
to be survey profiling device.  This machine (the source of the probes),
offer's some brief details:

http://ssh-research-scanner.ucs.ualberta.ca/

Although it would be nice if *they* filtered the netblocks people didn't
want scanned rather than placing the burden on the sites they are scanning.

John
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com