"Jay D. Dyson" <jdysonat_private> Please forgive me for replying to you *and* the list, but I wanted to make sure you got to see what I wrote. > I've been seeing a lot of SSHd scans of late. [ ... ] > Has anyone else seen this sort of thing from their systems? Until a month or two ago we *never* saw scans to port 22. Now they are common, though I'm not seeing anything like the intensity you describe. In a week I might see as many as six, total, and that would be a heavy week for me. Most of what I detect appear to be SYN scans. Has anyone done a honeypot study to find out what weaknesses are being exploited, or is it just the usual bug in SSH1? Best regards, Neil Dickey, Ph.D. Research Associate/Sysop Geology Department Northern Illinois University DeKalb, Illinois 60115 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 10:30:11 PST