Re: slowish ssh scan from 149.69.85.65

From: Jim Watt (wattjgat_private)
Date: Wed Dec 05 2001 - 12:18:54 PST


    --On 12/05/2001 11:52 AM -0600 Glenn Forbes Fleming Larratt wrote:
    
    } On Wed, 5 Dec 2001, Russell Fulton wrote:
    }> 
    }> starting on 4th Dec 2001 at 19:47 (UTC) we saw an unusual scan from
    }> 149.69.85.65 (owned by St. John Fisher College (NET-PSINET-B-69)) who
    }> have been notified -- no response yet.
    } 
    } Us, too (i.e. noted and blocked) (timestamps in CST [6hr west of UTC]):
    
    Yep, something's up all right.  Not as many as yours, and not
    from that machine, but very unusual:
    
    Dec  4 23:25:53 sshd[7496]: Did not receive identification string from 211.58.254.51
    Dec  4 23:27:24 sshd[7509]: Did not receive identification string from 211.58.254.51
    
    That network's in Korea.
    
    Only one other, from a network in Mexico:
    
    Nov 30 19:07:02 sshd[54444]: Did not receive identification string from 148.246.138.105.
    
    That's a week's worth, which is all the machine keeps.
    Times are PST.
    
    Jim
    --
    Jim Watt                               wattjgat_private
    Applied Biosystems                     Voice (desk): +1 408 577 2228
    3833 North First Street                Fax:          +1 408 894 9307
    San Jose CA 95134-1701                 Voice (main): +1 408 577 2200
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


