I have a Solaris server at work running SSH-2.0-2.0.13 and lately I've noticed weird addresses in the logs attempting to connect to the sshd server. It seems that we have similar problems. Here are a few examples of the log entries:
Dec 27 18:55:10 sshd2: refused connect from webcoenvironmental.com Dec 28 07:48:32 sshd2: refused connect from tripleimage.nobleimage.com Dec 29 16:00:02 sshd2: refused connect from nikita.csun.edu I'm running tcp wrappers to only allow certian ip addresses to access the ssh server, so I'm probably okay but does anyone know if there are any security holes in the version of ssh that I am running? Charlie Bebber wrote: >Mike Leone said: > >>Meanwhile, that IP belongs to www.picantecorp.com. "A Leader in Email >>Enhancement Products and Services". >> >>Why would they want to SSH scan you? You work for them? Are a customer? >>Collect the same baseball cards as the webmaster? What? >> > >Yeah, I looked that info up too and I just can't figure out why someone in >College Station, Texas would SSH scan me (especially from their web server >which is to what that IP maps). > >>I'd semi-politely mention to them, to DON'T BE DOING THAT TO ME, >>please. >> >>Of course, they may not even know that they're doing it. >> > >Yeah, I think I'll do that. Just thought it was interesting. > >-Charlie > > >------------------------------------------------------------------------ > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
