[CLUE-Tech] SSH probes
Timothy C. Klein
teece at silverklein.net
Tue Apr 16 17:37:34 MDT 2002
* Sean LeBlanc (seanleblanc at attbi.com) wrote:
> I'm seeing a few of these too, now that you mention it. In
> /var/log/messages, I have some entries from as far back as March 18 (haven't
> looked in older logs yets) that look something like this:
>
> Apr 16 13:00:11 192 sshd[1777]: Protocol major versions differ for
> 195.166.232.1: <myversion> vs. SSH-1.0-SSH_Version_Mapper
>
> Is this Version Mapper something used to look for exploitable ssh daemons?
>
If I am remembering right, it is a legitimate tool, used to gather SSH
versions (and thus protocols), and host keys, to develop a list of SSH
sites for a LAN. Seeing as it is coming to you blind, I bet they are
not benign, per se, but are just like port scan. I get them a lot, too.
Tim
--
==============================================
== Timothy Klein || teece at silverklein.net ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
More information about the clue-tech
mailing list