Re: Voluminous SSHd scanning; possible worm activity?

From: Armando Ortiz (aortizat_private)
Date: Mon Dec 10 2001 - 12:22:04 PST


    The scans have to do with someone searching for SSH Protocol 1 CRC32
    Compensation vulnerabilities.
    
    I would disable SSH1 and use SSH2.
    
    Regards.
    
    On Sun, 2001-12-09 at 12:23, Jay D. Dyson wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > 
    > Hi folks,
    > 
    > 	I've been seeing a lot of SSHd scans of late.  That in itself
    > isn't odd, but the sheer volume of the scans is what's got my attention. 
    > These sorts of scans used to occur infrequently, but now they're coming
    > within minutes of each other, and they're coming from all over the globe. 
    > 
    > 	It's not in my nature to speculate wildly, but the sheer volume of
    > these scans, coupled with the variety of their origins (not to mention the
    > timing) leads me to wonder if a worm isn't at play here.
    > 
    > 	Has anyone else seen this sort of thing from their systems?
    -- 
    -----------------------------------------------------------------
     From the Linux Box of Armando Ortiz
                           System Administrator
                           OnLineTraffic.com
     Email:  aortizat_private
     Download my public key from:
      ftp://209.185.214.98/pub/pubkeys/aortizat_private
       or retrieve it from
      http://www.keyserver.net as aortizat_private
                                 (Public Key expires 01/04/2002)
           All emails from me are signed by this public key.
    -----------------------------------------------------------------
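
The reply above recommends disabling SSH1 in favour of SSH2. As an added example (not part of the original message), the sketch below classifies the identification banners of your own SSH servers to find those that still accept protocol 1; a server advertising version 1.99 accepts both protocol 1 and protocol 2. The function names, addresses and banner strings are constructed for illustration.

```python
import re

# SSH identification string: "SSH-<protoversion>-<softwareversion>[ comments]".
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")


def classify_banner(banner):
    """Return (status, software) for one identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "not-ssh", None
    proto, software = m.groups()
    if proto == "1.99":          # compatibility mode: protocol 1 and 2 both accepted
        return "ssh1-and-ssh2", software
    if proto.startswith("1."):   # e.g. 1.5: protocol 1 only
        return "ssh1-only", software
    if proto == "2.0":
        return "ssh2-only", software
    return "unknown", software


def hosts_offering_ssh1(banners):
    """Map host -> (status, software) for every host that still accepts protocol 1."""
    flagged = {}
    for host, banner in banners.items():
        status, software = classify_banner(banner)
        if status in ("ssh1-only", "ssh1-and-ssh2"):
            flagged[host] = (status, software)
    return flagged


# Constructed sample inventory: documentation addresses and made-up banners,
# as collected from the first line each of your own servers sends on connect.
SAMPLE_BANNERS = {
    "192.0.2.10": "SSH-1.5-1.2.27\n",
    "192.0.2.11": "SSH-1.99-OpenSSH_2.9p2\r\n",
    "192.0.2.12": "SSH-2.0-OpenSSH_3.0.2p1\r\n",
    "192.0.2.13": "220 mail.example.org ESMTP\r\n",
}

if __name__ == "__main__":
    for host, (status, software) in sorted(hosts_offering_ssh1(SAMPLE_BANNERS).items()):
        print(f"{host}: {status} ({software}) -> restrict sshd to protocol 2")
```

On OpenSSH releases of that period, the server is restricted to protocol 2 with `Protocol 2` in `sshd_config`; after the change the banner should read `SSH-2.0-...`.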
    
    
    



    This archive was generated by hypermail 2b30 : Mon Dec 10 2001 - 15:12:22 PST