Increase in SSH scans

From: Robert Rich (rrichat_private)
Date: Mon Sep 09 2002 - 03:14:18 PDT

    I will normally get two or three hits on ssh per day.
    
    From LogWatch this morning:
    
    ---------------- Connections (secure-log) Begin -------------------
    
    **Unmatched Entries**
    Sep 29 09:38:38 low sshd[17083]: Did not receive identification string from 155.135.21.52
    Sep 29 09:38:50 low sshd[17084]: Did not receive identification string from 155.135.21.52
    Sep 29 10:39:59 low sshd[17134]: Did not receive identification string from 64.86.51.194
    Sep 29 11:14:58 low sshd[17172]: Did not receive identification string from 192.100.172.221
    Sep 29 11:15:34 low sshd[17175]: Did not receive identification string from 141.158.192.201
    Sep 29 11:48:20 low sshd[17201]: Did not receive identification string from 63.94.149.93
    Sep 29 11:51:24 low sshd[17211]: Did not receive identification string from 195.39.45.186
    Sep 29 18:44:03 low sshd[17692]: Did not receive identification string from 66.84.209.226
    Sep 29 19:03:35 low sshd[17718]: Did not receive identification string from 66.150.105.38
    Sep 29 19:18:32 low sshd[17736]: Did not receive identification string from 210.33.44.12
    Sep 29 19:59:58 low sshd[17774]: Did not receive identification string from 163.180.17.91
    Sep 29 20:33:03 low sshd[17807]: Did not receive identification string from 196.40.3.74
    Sep 29 20:42:53 low sshd[17815]: Did not receive identification string from 140.127.192.30
    
    At least one of the hosts involved shows up at dshield.org with evidence 
    of a slapper infestation.  
    
    Anyone seeing anything similar?
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
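
The comparison made in the post above (a usual two or three hits per day against one morning's LogWatch excerpt) can be automated. This is an added example, not part of the original message: the function names, the baseline of 3 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# sshd logs this when a client connects to the SSH port and disconnects
# without sending a version banner, as a TCP connect scan does.
PROBE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Did not receive identification string from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample input (documentation address ranges), not the post's log.
SAMPLE_LOG = """\
Sep 28 04:12:07 low sshd[16011]: Did not receive identification string from 192.0.2.10
Sep 28 15:40:51 low sshd[16240]: Did not receive identification string from 198.51.100.7
Sep 28 16:02:13 low sshd[16251]: Accepted password for admin from 192.0.2.99 port 40022 ssh2
Sep 29 09:38:38 low sshd[17083]: Did not receive identification string from 203.0.113.52
Sep 29 09:38:50 low sshd[17084]: Did not receive identification string from 203.0.113.52
Sep 29 10:39:59 low sshd[17134]: Did not receive identification string from 198.51.100.194
Sep 29 11:14:58 low sshd[17172]: Did not receive identification string from 192.0.2.221
Sep 29 18:44:03 low sshd[17692]: Did not receive identification string from 203.0.113.226
Sep 29 19:03:35 low sshd[17718]: Did not receive identification string from 198.51.100.38
"""

def probes_per_day(lines):
    """Return {day: {source_ip: count}} for banner-less SSH connections."""
    days = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = PROBE.match(line.strip())
        if m:
            # syslog pads single-digit days ("Sep  9"); collapse the padding
            day = " ".join(m["day"].split())
            days[day][m["src"]] += 1
    return days

def flag_days(days, baseline=3):
    """List (day, total, distinct_sources, repeat_sources) for days above baseline.

    baseline=3 is an assumption taken from the "two or three hits" per day above.
    """
    report = []
    for day, sources in days.items():
        total = sum(sources.values())
        if total > baseline:
            repeat = sorted(ip for ip, n in sources.items() if n > 1)
            report.append((day, total, len(sources), repeat))
    return report

if __name__ == "__main__":
    for day, total, n_src, repeat in flag_days(probes_per_day(SAMPLE_LOG.splitlines())):
        print(f"{day}: {total} probes from {n_src} sources, repeated: {repeat}")
```

Many distinct sources each probing once or twice, as on the flagged day, points to distributed scanning rather than one persistent host, which is why the report separates the total from the source count.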
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 04:45:39 PDT