Hi Raul, You could access the ARIN (American Registry of Internet Numbers) web site at http://www.arin.net to find out the provider who has registered the IP address in question, and contact that provider. I have certainly dealt with those sorts of security inqueries at work on a number of occasions. At 09:11 AM 1/23/2002 -0600, you wrote: >Darrell Shandrow said the following on Tue, Jan 22, 2002 at 08:43:41PM -0700: > > Hi Raul, > > > > Hmmm, looks like a rather persistent port scan, in my estimation. > > > > At 11:04 PM 1/20/2002 -0600, you wrote: > > >Hey gang. I received this log entry and am not sure if it's a portscan > > >of some type or not. Anyone seen this before? > > > > > >Jan 20 19:23:25 saidin sshd[4209]: scanned from 195.178.168.129 with > > >+SSH-1.0-SSH_Version_Mapper. Don't panic. > > >Jan 20 19:24:47 saidin sshd[4216]: scanned from 195.178.168.129 with > > >+SSH-1.0-SSH_Version_Mapper. Don't panic. > > >Jan 20 19:26:00 saidin sshd[4220]: scanned from 195.178.168.129 with > > >+SSH-1.0-SSH_Version_Mapper. Don't panic. > > >I thought so at first but usually portscans will scan more ports than >ssh. Besides I'm not worried about anyone breaking in via ssh. My ssh >is secure and does not allow root to ssh in anyway. I also didn't see >any other portscans on any other ports. What it seems to me is that >they were trying to use ssh1 to connect on ssh2 or something but who >knows. It has not happened since so I am not worried. > >-- >We are writing this e-mail to inform you that the mail server is down. >Please do not call the help desk for assistance. To see the progress of >any outage refer to your e-mail notifications. >Raul A. Gallegos - http://www.asmodean.net > >_______________________________________________ >Speakup mailing list >Speakup at braille.uwo.ca >http://speech.braille.uwo.ca/mailman/listinfo/speakup Best regards and happy New Year, Darrell Access technology consulting / network and UNIX systems administration.
