* log entry question on sshd
From: Raul A. Gallegos
To: Speakup Mailing-list
Hey gang. I received this log entry and am not sure if it's a portscan
of some type or not. Anyone seen this before?
Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
--
We are writing this e-mail to inform you that the mail server is down.
Please do not call the help desk for assistance. To see the progress of
any outage refer to your e-mail notifications.
Raul A. Gallegos - http://www.asmodean.net
* Re: log entry question on sshd
From: Kirk Wood
To: Speakup Mailing-list
I haven't seen it, but would be inclined to follow the advice given right
in the log.
=======
Kirk Wood
Cpt.Kirk@1tree.net
Nowlan's Theory:
He who hesitates is not only lost, but several miles from
the next freeway exit.
* Re: log entry question on sshd
From: Darrell Shandrow
To: speakup
Hi Raul,
Hmmm, looks like a rather persistent port scan, in my estimation.
At 11:04 PM 1/20/2002 -0600, you wrote:
>Hey gang. I received this log entry and am not sure if it's a portscan
>of some type or not. Anyone seen this before?
>
>Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
>+SSH-1.0-SSH_Version_Mapper. Don't panic.
>Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
>+SSH-1.0-SSH_Version_Mapper. Don't panic.
>Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
>+SSH-1.0-SSH_Version_Mapper. Don't panic.
>
>--
>We are writing this e-mail to inform you that the mail server is down.
>Please do not call the help desk for assistance. To see the progress of
>any outage refer to your e-mail notifications.
>Raul A. Gallegos - http://www.asmodean.net
Best regards and happy New Year,
Darrell
Access technology consulting / network and UNIX systems administration.
* Re: log entry question on sshd
From: Raul A. Gallegos
To: speakup
Darrell Shandrow said the following on Tue, Jan 22, 2002 at 08:43:41PM -0700:
> Hi Raul,
>
> Hmmm, looks like a rather persistent port scan, in my estimation.
>
> At 11:04 PM 1/20/2002 -0600, you wrote:
> >Hey gang. I received this log entry and am not sure if it's a portscan
> >of some type or not. Anyone seen this before?
> >
> >Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
> >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> >Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
> >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> >Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
> >+SSH-1.0-SSH_Version_Mapper. Don't panic.
I thought so at first but usually portscans will scan more ports than
ssh. Besides I'm not worried about anyone breaking in via ssh. My ssh
is secure and does not allow root to ssh in anyway. I also didn't see
any other portscans on any other ports. What it seems to me is that
they were trying to use ssh1 to connect on ssh2 or something but who
knows. It has not happened since so I am not worried.
--
We are writing this e-mail to inform you that the mail server is down.
Please do not call the help desk for assistance. To see the progress of
any outage refer to your e-mail notifications.
Raul A. Gallegos - http://www.asmodean.net
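Added example, not part of any message in this thread: a short Python summary of the "scanned from" notices quoted above, reporting per source address how many separate sshd connections were logged, how far apart they were, and which client identification string was sent. Reading the leading "+" as a line-wrap marker and defaulting the year to 2002 (from the message dates) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three log lines from the thread, as posted; a leading "+" is treated
# as a wrap marker continuing the previous line (assumption).
SAMPLE = """\
Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"scanned from (?P<src>\S+) with (?P<ident>\S+)\.\s+Don't panic\.$")

def unwrap(text):
    """Rejoin lines that were wrapped with a leading '+' marker."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("+") and lines:
            lines[-1] += " " + raw[1:]
        elif raw.strip():
            lines.append(raw)
    return lines

def summarize(text, year=2002):
    """Group scan notices by source; year is assumed (syslog omits it)."""
    seen = defaultdict(lambda: {"times": [], "pids": set(), "idents": set()})
    for line in unwrap(text):
        m = EVENT.match(line)
        if not m:
            continue  # some other sshd message
        rec = seen[m["src"]]
        rec["times"].append(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
        rec["pids"].add(int(m["pid"]))
        rec["idents"].add(m["ident"])
    report = {}
    for src, rec in seen.items():
        t = sorted(rec["times"])
        report[src] = {
            "connections": len(rec["pids"]),  # distinct sshd PIDs
            "gaps_seconds": [int((b - a).total_seconds()) for a, b in zip(t, t[1:])],
            # Identification string: SSH-<protocol version>-<software name>
            "clients": sorted(tuple(i.split("-", 2)[1:]) for i in rec["idents"]),
        }
    return report
```

On the thread's lines this gives one source, three connections 82 and 73 seconds apart, all announcing protocol version 1.0 with the software name SSH_Version_Mapper.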
* Re: log entry question on sshd
From: Darrell Shandrow
To: speakup
Hi Raul,
You could access the ARIN (American Registry of Internet Numbers) web site
at http://www.arin.net to find out the provider who has registered the IP
address in question, and contact that provider. I have certainly dealt
with those sorts of security inquiries at work on a number of occasions.
At 09:11 AM 1/23/2002 -0600, you wrote:
>Darrell Shandrow said the following on Tue, Jan 22, 2002 at 08:43:41PM -0700:
> > Hi Raul,
> >
> > Hmmm, looks like a rather persistent port scan, in my estimation.
> >
> > At 11:04 PM 1/20/2002 -0600, you wrote:
> > >Hey gang. I received this log entry and am not sure if it's a portscan
> > >of some type or not. Anyone seen this before?
> > >
> > >Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
> > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> > >Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
> > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> > >Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
> > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
>
>
>I thought so at first but usually portscans will scan more ports than
>ssh. Besides I'm not worried about anyone breaking in via ssh. My ssh
>is secure and does not allow root to ssh in anyway. I also didn't see
>any other portscans on any other ports. What it seems to me is that
>they were trying to use ssh1 to connect on ssh2 or something but who
>knows. It has not happened since so I am not worried.
>
>--
>We are writing this e-mail to inform you that the mail server is down.
>Please do not call the help desk for assistance. To see the progress of
>any outage refer to your e-mail notifications.
>Raul A. Gallegos - http://www.asmodean.net
Best regards and happy New Year,
Darrell
Access technology consulting / network and UNIX systems administration.
* Re: log entry question on sshd
From: Amanda Lee
To: speakup
Beat me to it! It was pointed out last week when I took the TCP/IP class.
Now going to go key in the IPs I see here after Comcast allegedly cut over
from the @home debacle to their network yesterday. I do see a different
numbering series and am curious to know who these are registered to.
Amanda Lee
----- Original Message -----
From: "Darrell Shandrow" <nu7i@azboss.net>
To: <speakup@braille.uwo.ca>
Sent: Wednesday, January 23, 2002 10:58 PM
Subject: Re: log entry question on sshd
> Hi Raul,
>
> You could access the ARIN (American Registry of Internet Numbers) web site
> at http://www.arin.net to find out the provider who has registered the IP
> address in question, and contact that provider. I have certainly dealt
> with those sorts of security inquiries at work on a number of occasions.
>
>
> At 09:11 AM 1/23/2002 -0600, you wrote:
> >Darrell Shandrow said the following on Tue, Jan 22, 2002 at 08:43:41PM -0700:
> > > Hi Raul,
> > >
> > > Hmmm, looks like a rather persistent port scan, in my estimation.
> > >
> > > At 11:04 PM 1/20/2002 -0600, you wrote:
> > > >Hey gang. I received this log entry and am not sure if it's a portscan
> > > >of some type or not. Anyone seen this before?
> > > >
> > > >Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with
> > > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> > > >Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with
> > > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> > > >Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with
> > > >+SSH-1.0-SSH_Version_Mapper. Don't panic.
> >
> >
> >I thought so at first but usually portscans will scan more ports than
> >ssh. Besides I'm not worried about anyone breaking in via ssh. My ssh
> >is secure and does not allow root to ssh in anyway. I also didn't see
> >any other portscans on any other ports. What it seems to me is that
> >they were trying to use ssh1 to connect on ssh2 or something but who
> >knows. It has not happened since so I am not worried.
> >
> >--
> >We are writing this e-mail to inform you that the mail server is down.
> >Please do not call the help desk for assistance. To see the progress of
> >any outage refer to your e-mail notifications.
> >Raul A. Gallegos - http://www.asmodean.net
>
> Best regards and happy New Year,
> Darrell
> Access technology consulting / network and UNIX systems administration.