From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from femail11.sdc1.sfba.home.com ([24.0.95.107]) by speech.braille.uwo.ca with esmtp (Exim 3.32 #1 (Debian)) id 16TbLf-0001Ia-00 for ; Wed, 23 Jan 2002 23:18:51 -0500 Received: from cj2204215a ([68.50.5.81]) by femail11.sdc1.sfba.home.com (InterMail vM.4.01.03.20 201-229-121-120-20010223) with SMTP id <20020124041856.VTXT3699.femail11.sdc1.sfba.home.com@cj2204215a> for ; Wed, 23 Jan 2002 20:18:56 -0800 Message-ID: <02aa01c1a48d$6ad0d720$6501a8c0@alex1.va.home.com> From: "Amanda Lee" To: References: <5.1.0.14.2.20020122204308.01be38a0@mail.azboss.net> <20020121050400.GA5744@asmodean.net> <5.1.0.14.2.20020122204308.01be38a0@mail.azboss.net> <5.1.0.14.2.20020123205731.00ce1eb8@mail.azboss.net> Subject: Re: log entry question on sshd Date: Wed, 23 Jan 2002 23:13:02 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: speakup-admin@braille.uwo.ca Errors-To: speakup-admin@braille.uwo.ca X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.0.7 Precedence: bulk Reply-To: speakup@braille.uwo.ca X-Reply-To: "Amanda Lee" List-Help: List-Post: List-Subscribe: , List-Id: Speakup is a screen review system for Linux. List-Unsubscribe: , List-Archive: Beat me to it! was pointed out last week when I took the TCP/IP class. Now going to go key-in the IP's I see here after Comcast alledgedly cutover from the @home debacle to their network yesterday. I do see a different numbering series and am currious to know who these are registered to. Amanda Lee ----- Original Message ----- From: "Darrell Shandrow" To: Sent: Wednesday, January 23, 2002 10:58 PM Subject: Re: log entry question on sshd > Hi Raul, > > You could access the ARIN (American Registry of Internet Numbers) web site > at http://www.arin.net to find out the provider who has registered the IP > address in question, and contact that provider. I have certainly dealt > with those sorts of security inqueries at work on a number of occasions. > > > At 09:11 AM 1/23/2002 -0600, you wrote: > >Darrell Shandrow said the following on Tue, Jan 22, 2002 at 08:43:41PM -0700: > > > Hi Raul, > > > > > > Hmmm, looks like a rather persistent port scan, in my estimation. > > > > > > At 11:04 PM 1/20/2002 -0600, you wrote: > > > >Hey gang. I received this log entry and am not sure if it's a portscan > > > >of some type or not. Anyone seen this before? > > > > > > > >Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with > > > >+SSH-1.0-SSH_Version_Mapper. Don't panic. > > > >Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with > > > >+SSH-1.0-SSH_Version_Mapper. Don't panic. > > > >Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with > > > >+SSH-1.0-SSH_Version_Mapper. Don't panic. > > > > > >I thought so at first but usually portscans will scan more ports than > >ssh. Besides I'm not worried about anyone breaking in via ssh. My ssh > >is secure and does not allow root to ssh in anyway. I also didn't see > >any other portscans on any other ports. What it seems to me is that > >they were trying to use ssh1 to connect on ssh2 or something but who > >knows. It has not happened since so I am not worried. > > > >-- > >We are writing this e-mail to inform you that the mail server is down. > >Please do not call the help desk for assistance. To see the progress of > >any outage refer to your e-mail notifications. > >Raul A. Gallegos - http://www.asmodean.net > > > >_______________________________________________ > >Speakup mailing list > >Speakup@braille.uwo.ca > >http://speech.braille.uwo.ca/mailman/listinfo/speakup > > Best regards and happy New Year, > Darrell > Access technology consulting / network and UNIX systems administration. > > > _______________________________________________ > Speakup mailing list > Speakup@braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup > >