|
Hi , I got the below message from one of our servers: OSSEC HIDS Notification. 2007 Sep 12 16:24:25 Received From: birdy->/var/log/secure Rule: 5701 fired (level 12) -> "Possible attack on the ssh server (or version gathering)." Portion of the log(s): Sep 12 16:24:24 raven sshd[647]: Bad protocol version identification '\377\364\377\375\006' from UNKNOWN I see that it is a possible scan....is that something I should be worried about. I haven't got a Level 12 alert before. Please advise. Regards, Eric |
- [ossec-list] Alert level 12 Eric Yeoh
- [ossec-list] Re: Alert level 12 Daniel Cid
