On Thu, Sep 12, 2002 at 12:55:51AM +0500, Naseer Bhatti wrote: > Sep 10 01:15:33 redy sshd[5332]: scanned from 66.x.x.253 with > SSH-1.0-SSH_Version_Mapper_Servers_Alive_3.1.1043. Don't panic. [...] > is this some sort of scanning or internal sshd behavior? I am using Open SSH > 3.4 with Protocol 2 only on Linux. I am getting this from mainly 2 IPs on > the same network I am. Any help would be appreciated.
This is more or less normal behavior. It means someone on your network is scanning your ssh daemon to see what version you are running. Normally, system administrators run this every once in a while to make sure their users don't have vulnerable ssh daemons running. http://www.citi.umich.edu/u/provos/ssh/ for the most popular ssh scanning program. Just make sure you are up-to-date with openssh patches and don't panic. :) -- It seems the power has been robbed from the founding fathers and is now firmly in the hand of the funding fathers -- Rik van Riel
msg00443/pgp00000.pgp
Description: PGP signature
