[Full-Disclosure] scanning IP Address List
David Hane
dlhtux at sbcglobal.net
Tue Aug 3 18:20:44 BST 2004
Hey all,
I know everyone has been talking about failed ssh logins using default
usernames. I've also started seeing a lot of SSH version scanning and failed
connections to my mail servers. The funny thing is, I have servers in
different IP ranges located throughout the country yet some of the offending
IP addresses are the same.
Has anyone else seen a noticeable increase in these other types of "hacks"?
More specifically are these IP addresses hitting anyone else out there?
Log samples:
222.183.140.102 - did not issue MAIL/EXPN/VRFY/ETRN during connection to
MTA-v4
65.119.27.221 - sshd Timeout before authentication
147.46.40.65 - SSH-1.0-SSH_Version_Mapper scan
204.211.2.57 - Illegal user test
Full-Disclosure is hosted and sponsored by Secunia.