[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Scanned with SSH-1.0-SSH_Version_Mapper
- Subject: RE: [cobalt-security] Scanned with SSH-1.0-SSH_Version_Mapper
- From: "Andy Brown" <andy.brown@xxxxxxxxxxxxx>
- Date: Tue, 8 Oct 2002 11:18:51 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
<snip>
>I got this in my system check email:
>
>Unusual System Events
>
>Oct 8 04:12:02 www sshd[18637]: scanned from 24.185.139.92 with
>SSH-1.0-SSH_Version_Mapper. Don't panic.
>Oct 8 04:12:02 www sshd[18636]: Did not receive identification string from
>24.185.139.92
>
>Do I need to panic!!!
>
NO! Read the log file entry - it clearly states "Don't panic" :)
</snip>
Just to be a bit more definitive, what this means is somebody at 24.185.139.92 connected via ssh, then disconnected after reading the version string.
If it continues, then you *should* mildly worry, as it could be somebody trying to find an old SSH version to hack into. Generally though it would just be a one-off, so nothing to worry about.
Regards,
Andy
andy@xxxxxxxxxx
http://www.raqpak.com/ <-- Raq/Qube unofficial PKGs and support advice