[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SSH Scans



To update what I mentioned at the LUG meeting last night.

After looking it up online I have been getting ssh scans by many different
IP addresses. This seems to have started in the past month or so.

The actual error message is "Did not reveive identification string from
xxx.xxx.xxx.xxx."

It looks to me after reading discussions online that they are attempting
to find out if you are running an exploitable version of ssh. So the
best bet is to make sure that you are running a current/patched version
of ssh.

This is a pretty slow scan as I have only one report per IP address in
my logs and I have very few repeats.
-steve
--
Steven Isaacson <spisaacs@xxxxxxx> http://www.csl.mtu.edu/~spisaacs/
AIM:spi516 "Need to be proud of what you are..." - Echo Image