Security Basics mailing list archives

proof of someone banner grabbing me?


From: rik <rik () m-net arbornet org>
Date: Sun, 7 Sep 2003 22:32:49 -0400 (EDT)

tonight when i checked my /var/log/authlog, i noticed the following -

Sep  5 18:15:29 spartacus sshd[32045]: Did not receive identification
string from 68.73.0.31

Sep  5 18:15:44 spartacus sshd[8613]: Bad protocol version identification
'\^V\^C\^A' from 68.73.0.31

Sep  5 18:15:44 spartacus sshd[5376]: Bad protocol version identification
'\^V\^C' from 68.73.0.31

Sep  5 18:15:49 spartacus sshd[9297]: Did not receive identification
string from 68.73.0.31

Sep  5 18:15:50 spartacus sshd[27589]: Bad protocol version identification
'GET / HTTP/1.0' from 68.73.0.31

Sep  5 18:16:17 spartacus sshd[25053]: Connection closed by 68.73.0.31
Sep  5 18:16:17 spartacus sshd[6638]: Connection closed by 68.73.0.31
Sep  5 18:16:17 spartacus sshd[28447]: Connection closed by 68.73.0.31
Sep  5 18:16:17 spartacus sshd[25414]: Connection closed by 68.73.0.31

Sep  5 18:16:17 spartacus sshd[10489]: Did not receive identification
string from 68.73.0.31

Sep  5 18:16:18 spartacus sshd[8764]: Connection closed by 68.73.0.31

Sep  5 18:17:02 spartacus sshd[30620]: Bad protocol version identification
'`' from 68.73.0.31

Sep  5 18:17:02 spartacus sshd[25307]: Bad protocol version identification
'`/bin/id` #' from 68.73.0.31

Sep  5 18:17:02 spartacus sshd[24725]: Bad protocol version identification
'`/usr/bin/id` #' from 68.73.0.31

Sep  5 18:17:04 spartacus sshd[19385]: Did not receive identification
string from 68.73.0.31

am i correct in believing this is someone's attempt to enumerate info on
my machine?

thanks in advance,

-r
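Added example, not part of the original post: Python that rejoins the mail-wrapped sshd entries quoted above and tallies, per source address, what arrived where the SSH identification string was expected. The function names and probe labels are hypothetical, and reading `\^V\^C` as bytes 0x16 0x03 (the start of an SSL 3.x/TLS handshake record) assumes sshd logged control characters in caret notation, as the excerpt suggests.

```python
import re
from collections import Counter, defaultdict
# Entries copied from the post, wrapped as they appear there.
SAMPLE = r"""Sep  5 18:15:29 spartacus sshd[32045]: Did not receive identification
string from 68.73.0.31
Sep  5 18:15:44 spartacus sshd[8613]: Bad protocol version identification
'\^V\^C\^A' from 68.73.0.31
Sep  5 18:15:50 spartacus sshd[27589]: Bad protocol version identification
'GET / HTTP/1.0' from 68.73.0.31
Sep  5 18:16:17 spartacus sshd[25053]: Connection closed by 68.73.0.31
Sep  5 18:17:02 spartacus sshd[25307]: Bad protocol version identification
'`/bin/id` #' from 68.73.0.31
"""
TS = re.compile(r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
EVENT = re.compile(
    r"sshd\[\d+\]: (?:(?P<none>Did not receive identification string from )"
    r"|(?P<bad>Bad protocol version identification '(?P<banner>.*)' from )"
    r"|Connection closed by )(?P<ip>\d+(?:\.\d+){3})")
# Hypothetical labels for data sent in place of "SSH-x.y-...". Assumption:
# '\^V\^C' is caret notation for 0x16 0x03, an SSL 3.x/TLS handshake record.
PROBES = [("ssl-tls-handshake", r"\\\^V\\\^C"),
          ("http-request", r"(?:GET|HEAD|POST) \S+ HTTP/"),
          ("shell-metacharacters", r".*[`;|&]")]

def unwrap(text):
    """Rejoin wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def classify(banner):
    return next((name for name, pat in PROBES if re.match(pat, banner)), "other")

def summarize(text):
    """Per source IP: counts of sshd events and of non-SSH banner kinds."""
    hosts = defaultdict(lambda: {"events": Counter(), "probes": Counter()})
    for m in filter(None, map(EVENT.search, unwrap(text))):
        kind = "bad-banner" if m["bad"] else "no-banner" if m["none"] else "closed"
        hosts[m["ip"]]["events"][kind] += 1
        if m["bad"]:
            hosts[m["ip"]]["probes"][classify(m["banner"])] += 1
    return dict(hosts)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Several different non-SSH payload kinds from one address within a couple of minutes is what the per-host tally makes visible.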

