Security Incidents mailing list archives

Re: Automated SSH scanning

From: David Goldsmith <dave.goldsmith () INTELSAT INT>
Date: Wed, 26 Jul 2000 08:19:22 -0400

According to the last paragraph on the page you reference, they are willing
to exclude netblocks:

"If you truly have a problem with this machine sampling your hosts, please
filter traffic originating from ssh-research-scanner.ucs.ualberta.ca
(129.128.8.230) Alternatively, if you are unable to filter the traffic to
your net originating from this host, please email a list of your network
blocks to exclude () ssh-research-scanner ucs ualberta ca. We will add your
networks to an exclusion list of addresses that will not be examined, and
e-mail you back a confirmation of this."

R/S

Dave Goldsmith

-----Original Message-----
From: John Kristoff [mailto:jtk () DEPAUL EDU]
Sent: Monday, July 24, 2000 8:07 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Automated SSH scanning


Saw some SSH probes today, which frightened me somewhat.  It turns out
to be survey profiling device.  This machine (the source of the probes),
offer's some brief details:

http://ssh-research-scanner.ucs.ualberta.ca/

Although it would be nice if *they* filtered the netblocks people didn't
want scanned rather than placing the burden on the sites they are
scanning.

John

Current thread:

Re: Automated SSH scanning Mimic Doppelganger (Jul 25)
- <Possible follow-ups>
- Re: Automated SSH scanning David Goldsmith (Jul 26)