Dug Song <dugsongat_private> writes: > On Sun, Sep 09, 2001 at 02:40:36PM -0400, Erik Fichtner wrote: > > > Anyone else seen this, or have any further information? > > dollars to donuts it's just niels: > > http://www.monkey.org/~provos/scanssh/ > > he'll be publishing his results soon at a conference near you... From the logs posted by Erik Fichtner <techsat_private>: > Sep 9 15:21:22 hostA sshd[64608]: Did not receive ident string from 199.171.27.50. dig -x 199.171.27.50 gives: > 50.27.171.199.in-addr.arpa. 57m20s IN PTR www10.gti.net. Would Niels really use a machine whose PTR record was "www10.gti.net" to do that kind of scan? We have seen this IP scan our netblock too. -- Kent Engström, Linköping University Incident Response Team kentat_private abuseat_private +46 13 28 1744 UNIT, Linköping University; SE-581 83 LINKÖPING; SWEDEN ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 08:30:46 PDT