dave.goldsmithINTELSAT.INT

• Next message: Jeff Palmer: "Re: New gnutella worm found in the wild."
• Previous message: Fredrik Ostergren: "Re: Strange distributed scan/probe activity"
• Maybe in reply to: John Kristoff: "Automated SSH scanning"
• Next in thread: Jeff Palmer: "Re: New gnutella worm found in the wild."
• Maybe reply: David Goldsmith: "Re: Automated SSH scanning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to the last paragraph on the page you reference, they are willing
to exclude netblocks:

"If you truly have a problem with this machine sampling your hosts, please
filter traffic originating from ssh-research-scanner.ucs.ualberta.ca
(129.128.8.230) Alternatively, if you are unable to filter the traffic to
your net originating from this host, please email a list of your network
blocks to excludessh-research-scanner.ucs.ualberta.ca. We will add your
networks to an exclusion list of addresses that will not be examined, and
e-mail you back a confirmation of this."

R/S

Dave Goldsmith

-----Original Message-----
From: John Kristoff [mailto:jtkDEPAUL.EDU]
Sent: Monday, July 24, 2000 8:07 PM
To: INCIDENTSSECURITYFOCUS.COM
Subject: Automated SSH scanning

Saw some SSH probes today, which frightened me somewhat. It turns out
to be survey profiling device. This machine (the source of the probes),
offer's some brief details:

http://ssh-research-scanner.ucs.ualberta.ca/

Although it would be nice if *they* filtered the netblocks people didn't
want scanned rather than placing the burden on the sites they are
scanning.

John

• Next message: Jeff Palmer: "Re: New gnutella worm found in the wild."
• Previous message: Fredrik Ostergren: "Re: Strange distributed scan/probe activity"
• Maybe in reply to: John Kristoff: "Automated SSH scanning"
• Next in thread: Jeff Palmer: "Re: New gnutella worm found in the wild."
• Maybe reply: David Goldsmith: "Re: Automated SSH scanning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]