Security Incidents mailing list archives

Re: slowish ssh scan from 149.69.85.65

From: Nate Campi <nate () campin net>
Date: Tue, 4 Dec 2001 21:36:10 -0800

begin  Russell Fulton quotation of Wed, Dec 05, 2001 at 03:19:58PM +1300:

Greetings All,

starting on 4th Dec 2001 at 19:47 (UTC) we saw an unusual scan from 
149.69.85.65 (owned by St. John Fisher College (NET-PSINET-B-69)) who 
have been notified -- no response yet.


Confirmed here:

Dec  4 22:45:56 DNSSERVER sshd[7396]: [ID 702911 auth.warning] DNS
lookup failed for 149.69.85.65.

This host is supposed to be protected by router ACLs, but apparently
not :( 

We'll be closing the hole shortly.
-- 
Nate Campi        http://www.campin.net        GnuPG key: 0xC17AEF79   
Key fingerprint = BF12 722F 8799 E614 33CC  FAB7 5A90 C464 C17A EF79

Corporations are not evil. That kind of anthropomorphism is inappropriate.
Corporations are too stupid to be evil, only people can be that.  -jwz


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

slowish ssh scan from 149.69.85.65 Russell Fulton (Dec 04)
- Re: slowish ssh scan from 149.69.85.65 Nate Campi (Dec 05)
  - Re: slowish ssh scan from 149.69.85.65 Andreas Östling (Dec 05)
- Re: slowish ssh scan from 149.69.85.65 Glenn Forbes Fleming Larratt (Dec 05)
  - Re: slowish ssh scan from 149.69.85.65 Jim Watt (Dec 05)