Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: William Wong on March 02, 2002, 04:21:56 PM
-
I am running SME V5.0 with all three updates. I spotted the following scanning in /var/log/messages; should I worry?
Thank you in advance for any suggestion.
William
messages:Mar 1 06:52:35 eserver sshd[15604]: scanned from 211.22.1.150 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages:Mar 1 23:07:00 eserver sshd[15901]: scanned from 64.220.67.141 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.1:Feb 17 06:24:44 eserver sshd[10331]: scanned from 196.41.160.194 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.1:Feb 18 01:45:35 eserver sshd[10660]: scanned from 213.96.130.132 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.1:Feb 21 16:07:59 eserver sshd[12220]: scanned from 202.57.96.75 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.1:Feb 23 00:14:15 eserver sshd[12788]: scanned from 202.109.129.32 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.2:Feb 10 23:18:23 eserver sshd[6417]: scanned from 217.96.151.145 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.2:Feb 13 10:13:51 eserver sshd[8074]: scanned from 211.184.216.99 with SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.2:Feb 14 08:30:14 eserver sshd[8751]: scanned from 63.204.22.67 with SSH-1.0-SSH_Version_Mapper. Don't panic.
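A small triage helper for log lines like the ones quoted above, added here as an example (it is not part of the original post): it re-joins entries that the terminal wrapped at 80 columns, extracts the source address and client banner from each "scanned from" entry, and counts probes per source. The sample input is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the grep output above, including
# terminal wrapping. Addresses are RFC 5737 documentation ranges.
SAMPLE = """\
messages:Mar 1 06:52:35 eserver sshd[15604]: scanned from 192.0.2.10 with SSH
-1.0-SSH_Version_Mapper. Don't panic.
messages:Mar 1 23:07:00 eserver sshd[15901]: scanned from 198.51.100.7 with SS
H-1.0-SSH_Version_Mapper. Don't panic.
messages.1:Feb 17 06:24:44 eserver sshd[10331]: scanned from 192.0.2.10 with
SSH-1.0-SSH_Version_Mapper. Don't panic.
messages.1:Feb 18 01:45:35 eserver sshd[10660]: Accepted password for admin from 203.0.113.5 port 1022
"""

# A new entry starts with an optional "file:" prefix and a syslog timestamp.
ENTRY_START = re.compile(r"^(?:[\w.]+:)?[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
SCAN = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"scanned from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) with\s*(?P<banner>SSH-[\d.]+-\S+?)\.\s")

def join_wrapped(text):
    """Re-attach continuation lines produced by terminal wrapping."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line  # glue back; SCAN tolerates a lost space after "with"
    return entries

def parse_scans(text):
    """Return (timestamp, source_ip, client_banner) for each scan entry."""
    hits = (SCAN.search(entry) for entry in join_wrapped(text))
    return [(m["ts"], m["ip"], m["banner"]) for m in hits if m]

def summarize(text):
    """Count probes per source so repeat visitors stand out from one-off sweeps."""
    scans = parse_scans(text)
    per_ip = Counter(ip for _, ip, _ in scans)
    return {"total": len(scans), "per_ip": per_ip,
            "repeat": sorted(ip for ip, n in per_ip.items() if n > 1)}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print("scan entries:", report["total"])
    for ip, n in report["per_ip"].most_common():
        print(f"{ip:15} {n}")
```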
-
These IPs only seem to "version" you, that is to say, they are looking for your server's type... This can be a preliminary job for a hack, though...
I use Portsentry from http://seawolf.freshrpms.net/pub/portsentry/portsentry-1.1-fr4.i386.rpm to be safe (I start it at boot time by adding /etc/rc.d/init.d/portsentry start to /etc/rc.d/rc.local). Hope this will help...
-
HTML doesn't seem to be allowed here: sorry 'bout that!!!
-
Thx for the reply first. Now I understand it is only checking out the version of the sshd - a kind of capability handshake.
May I know whether it is possible to configure the sshd to accept only a minimum version of ssh client connection, since it seems that version 2 is more secure than version 1?
Any thoughts?
Thx again for any suggestion in advance.
William