[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Scanned with SSH-1.0-SSH_Version_Mapper

Subject: RE: [cobalt-security] Scanned with SSH-1.0-SSH_Version_Mapper
From: "Andy Brown" <andy.brown@xxxxxxxxxxxxx>
Date: Tue, 8 Oct 2002 11:18:51 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

<snip>
>I got this in my system check email:
>
>Unusual System Events
>
>Oct  8 04:12:02 www sshd[18637]: scanned from 24.185.139.92 with
>SSH-1.0-SSH_Version_Mapper.  Don't panic.
>Oct  8 04:12:02 www sshd[18636]: Did not receive identification string from
>24.185.139.92
>
>Do I need to panic!!!
>

NO!  Read the log file entry - it clearly states "Don't panic" :)
</snip>


Just to be a bit more definitive, what this means is somebody at 24.185.139.92 connected via ssh, then disconnected after reading the version string.

If it continues, then you *should* mildly worry, as it could be somebody trying to find an old SSH version to hack into. Generally though it would just be a one-off, so nothing to worry about.

Regards,

Andy
andy@xxxxxxxxxx
http://www.raqpak.com/ <-- Raq/Qube unofficial PKGs and support advice

Prev by Date: RE: [cobalt-security] Is this suspicious?
Next by Date: [cobalt-security] cobalt root exploit
Previous by thread: Re: [cobalt-security] Scanned with SSH-1.0-SSH_Version_Mapper
Next by thread: [cobalt-security] cobalt root exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index