[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] [cobalt-users]scanned from 211.96.149.35 with SSH-1.0-SSH_Version_Mapper

Subject: Re: [cobalt-users] [cobalt-users]scanned from 211.96.149.35 with SSH-1.0-SSH_Version_Mapper
From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
Date: Fri Jan 4 22:21:01 2002
Organization: anonymous
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Thu, 3 Jan 2002 07:57:03 -0500, "Gerald Waugh" <gerald@xxxxxxxxx> wrote:

:>.Anybody get any of these?
:>
:>Jan  2 19:56:04 fsn1 sshd[9692]: scanned from 211.96.149.35 with
:>SSH-1.0-SSH_Version_Mapper.  Don't panic.
:>Jan  2 19:56:04 fsn1 sshd[9689]: Did not receive identification string from
:>211.96.149.35
:>
:>Gerald

I have had a couple of scans on port 22. I do not run ssh1 nor do I run ssh2
on port 22. Hence, my portsentry shuts them down immediately.

Jan  3 13:05:34 vanecek portsentry[1311]: attackalert: SYN/Normal scan from
host: 64.77.41.82/64.77.41.82 to TCP port: 22

I guess the twits have time on their hands.

I am seeing

Jan  5 00:12:36 vanecek sshd[23351]: reverse mapping checking getaddrinfo for
66-xxx-209.in-addr.arpa failed - POSSIBLE BREAKIN ATTEMPT! 

from my own machine since being forced to switch to a dynamic address on the
PC I use to connect to ssh2.

Sometimes it just says

Jan  2 11:40:39 vanecek sshd[7875]: Could not reverse map address
66.xxx.209.12.
Jan  2 11:40:39 vanecek sshd[7875]: Accepted password for admin from
66.xxx.209.12 port 28294 ssh2

Weird.

References:
- [cobalt-users] [cobalt-users]scanned from 211.96.149.35 with SSH-1.0-SSH_Version_Mapper
  - From: Gerald Waugh

Prev by Date: [cobalt-users] XTR WebMail Client
Next by Date: Re: [cobalt-users] pkg.nl.cobalt - Open SSH
Previous by thread: Re: [cobalt-users] [cobalt-users]scanned from 211.96.149.35 with SSH-1.0-SSH_Version_Mapper
Next by thread: [cobalt-users] Uninstalling Java

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index