PCAnywhere can also be configured to listen on port 22. It has the
capability to scan a range of hosts for other listening pcanywhere
servers. This is likely just somebody running a pcAnywhere scan. They
might not even be aware they are doing it - some versions (as I recall)
perform the scan automatically on startup.
Hmm... though as I recall I believe it is UDP 22 that pcAnywhere binds
to... anyway, that is an alternate explanation.
dman wrote:
I'm sitting at home on the console right now. I noticed this in
xconsole, copied from /var/log/auth.log :
Jan 24 23:23:50 dman sshd[3760]: Did not receive identification string from
216.153.138.132
Jan 24 23:24:37 dman sshd[3776]: Disconnecting: Corrupted check bytes on input.
It appears that someone is trying to ssh to my machine, but didn't do
it right. Is this deduction correct? I looked up that machine and
found :
$ host 216.153.138.12
Name: host-216-153-138-12.choiceone.net
Address: 216.153.138.12
$ nmap 216.153.138.12
(The 1545 ports scanned but not shown below are in state: closed)
Port State Service
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
5631/tcp open pcanywheredata
Looks like a windows machine to me. Is this just a fluke, or is there
some new worm/exploit going around?
Any thoughts, comments?
-D
--
ACHERON
[EMAIL PROTECTED]
