[TriLUG] SSH Probing...

Steve steve at kuekes.homeip.net
Wed Mar 13 08:27:02 EST 2002


Don't know if any of you have noticed this or not, but over the last few months
I have started to get hackers probing my SSH port on my Linux box on my cable
modem.  There must be some kind of SSH exploit that they are looking for.

Mar 12 01:34:00 linux sshd[26174]: scanned from 208.63.48.13 with
SSH-1.0-SSH_Version_Mapper.  Don't panic.
Mar 12 01:34:01 linux sshd[26173]: Did not receive identification string from
208.63.48.13.
Mar 12 02:16:49 linux sshd[26231]: Did not receive identification string from
63.96.15.7.
Mar 12 04:58:45 linux sshd[26772]: scanned from 212.180.37.138 with
SSH-1.0-SSH_Version_Mapper.  Don't panic.
Mar 12 04:58:45 linux sshd[26771]: Did not receive identification string from
212.180.37.138.

I'm going to start making a list of the IPs and denying any incoming traffic
from them.  Although I doubt that this will help much....

(I'm still getting lots of "Code Red" probes, but that doesn't bother Apache...)

-- 
Steve Kuekes

Private Pilot: N9259R '95 Saratoga based at Sanford-Lee County Regional (TTA)
email: skuekes at nc.rr.com
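
Added example, not part of Steve's message: one way to build the per-source list the post describes from these sshd lines, rejoining the records that were wrapped in the mail before matching them. The function names are hypothetical; the log excerpt is the one quoted in the post.

```python
import re
from collections import defaultdict

# Log excerpt quoted in the post above, kept with the mail client's line wrapping.
SAMPLE_LOG = """\
Mar 12 01:34:00 linux sshd[26174]: scanned from 208.63.48.13 with
SSH-1.0-SSH_Version_Mapper.  Don't panic.
Mar 12 01:34:01 linux sshd[26173]: Did not receive identification string from
208.63.48.13.
Mar 12 02:16:49 linux sshd[26231]: Did not receive identification string from
63.96.15.7.
Mar 12 04:58:45 linux sshd[26772]: scanned from 212.180.37.138 with
SSH-1.0-SSH_Version_Mapper.  Don't panic.
Mar 12 04:58:45 linux sshd[26771]: Did not receive identification string from
212.180.37.138.
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {
    "version_scan": re.compile(r"sshd\[\d+\]: scanned from " + IP + r" with (?P<banner>\S+)"),
    "no_ident": re.compile(r"sshd\[\d+\]: Did not receive identification string from " + IP),
}

def unwrap(text):
    """Rejoin wrapped records: a syslog record begins "Mon DD HH:MM:SS",
    any other non-blank line continues the previous record."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def probe_sources(text):
    """Map each source IP to a count per message type and the banners it sent."""
    sources = defaultdict(lambda: {"version_scan": 0, "no_ident": 0, "banners": set()})
    for record in unwrap(text):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(record)
            if m:
                entry = sources[m.group("ip")]
                entry[kind] += 1
                if kind == "version_scan":
                    entry["banners"].add(m.group("banner").rstrip("."))
    return dict(sources)

if __name__ == "__main__":
    print(probe_sources(SAMPLE_LOG))
```

Matching on the message text after `sshd[pid]:` rather than on any IP-looking token keeps unrelated log lines out of the list.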