Web Hosting Talk

View Full Version : No panic . . . but I do Panic . . wouldn't You


sanuk
04-10-2002, 06:44 AM
Hi,

New to this board, and also new to a dedicated server (Unix) as of 2 weeks ago.
I just received an email called "Unusual System Events" from my server (root).

And look what's inside:

DO I PANIC. . . . Yes/No
and what is it ??????????????????????????????
=========================================
Apr 10 13:39:07 myserver1 stunnel[8043]: FD_SETSIZE=16384, file ulimit=1024 -> 500 clients allowed
Apr 10 13:39:07 myserver1 stunnel[8047]: FD_SETSIZE=16384, file ulimit=1024 -> 500 clients allowed
Apr 10 13:39:07 myserver1 stunnel[8045]: FD_SETSIZE=16384, file ulimit=1024 -> 500 clients allowed
Apr 10 13:39:07 myserver1 stunnel[8050]: FD_SETSIZE=16384, file ulimit=1024 -> 500 clients allowed
Apr 10 13:39:07 myserver1 stunnel[8052]: FD_SETSIZE=16384, file ulimit=1024 -> 500 clients allowed
Apr 9 22:12:57 myserver1 sshd[5259]: scanned from 193.232.254.20 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Apr 9 22:12:57 myserver1 sshd[5252]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:58 myserver1 sshd[5253]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:58 myserver1 sshd[5260]: scanned from 193.232.254.20 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Apr 9 22:12:58 myserver1 sshd[5261]: scanned from 193.232.254.20 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Apr 9 22:12:58 myserver1 sshd[5251]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:59 myserver1 sshd[5262]: scanned from 193.232.254.20 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Apr 9 22:12:59 myserver1 sshd[5250]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:59 myserver1 sshd[5255]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:59 myserver1 sshd[5256]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:59 myserver1 sshd[5254]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:59 myserver1 sshd[5257]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:59 myserver1 sshd[5258]: Did not receive identification string from 193.232.254.20
=========================================
Regards,
Sanuk

priyadi
04-10-2002, 08:15 AM
No need to panic at all.

- The stunnel messages are informational only and probably harmless.
- Somebody scanned your sshd version from 193.232.254.20. Don't panic unless you are running an old version of sshd. It could be bad guys, but it could also be good guys, like your ISP scanning their own network for vulnerabilities.
- "Did not receive identification string" messages are harmless; it means the remote side doesn't have identd running.

bacid
04-10-2002, 12:17 PM
Just make sure you have OpenSSH_3.1p1 running and it's set to only use SSH2.

The exploits out right now only affect versions below that.

sanuk
04-10-2002, 12:52 PM
Hi,
and thanks for the fast reply.

The scanner is for sure not my ISP.
I looked it up and 193.232.254.20 translates to:
netname: PGUNET
descr: Petrozavodsk State University RU
meaning a Russian site.

And yes, I am running SSH2.

Thanks to all and Regards,
Sanuk
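
Added example (not part of the original thread): a small Python triage script for the kind of mailed log report quoted above. It rejoins records that the mail wrapped onto a second line, skips non-sshd lines, and summarises the two sshd probe messages per source IP. The function names, the threshold of 3 events and the 192.0.2.7 sample line are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the thread; the first sshd
# record is wrapped onto a second line the way the mailed report wrapped it.
SAMPLE = """\
Apr 10 13:39:07 myserver1 stunnel[8043]: FD_SETSIZE=16384, file ulimit=1024 -> 500 clients allowed
Apr 9 22:12:57 myserver1 sshd[5259]: scanned from 193.232.254.20 with
SSH-1.0-SSH_Version_Mapper. Don't panic.
Apr 9 22:12:57 myserver1 sshd[5252]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:58 myserver1 sshd[5253]: Did not receive identification string from 193.232.254.20
Apr 9 22:12:58 myserver1 sshd[5260]: scanned from 193.232.254.20 with SSH-1.0-SSH_Version_Mapper. Don't panic.
Apr 9 23:40:11 myserver1 sshd[6001]: Did not receive identification string from 192.0.2.7
"""

STAMP = re.compile(r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d ")
LINE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
SCAN = re.compile(r"^scanned from (\S+) with (\S+?)\.?(?:\s|$)")
# sshd logs this when a client disconnects before sending its SSH version string.
NO_ID = re.compile(r"^Did not receive identification string from (\S+)")

def unwrap(text):
    """Rejoin wrapped records: a line without a timestamp continues the previous one."""
    records = []
    for raw in text.splitlines():
        if STAMP.match(raw) or not records:
            records.append(raw.strip())
        else:
            records[-1] += " " + raw.strip()
    return records

def triage(text, threshold=3):
    """Summarise sshd probe events per source IP; flag sources at or above threshold."""
    seen = defaultdict(lambda: {"scans": 0, "no_ident": 0, "banners": set(), "first": None, "last": None})
    for rec in unwrap(text):
        m = LINE.match(rec)
        hit = m and (SCAN.match(m.group(2)) or NO_ID.match(m.group(2)))
        if not hit:
            continue  # not an sshd probe record (e.g. the stunnel startup lines)
        entry = seen[hit.group(1)]
        if hit.re is SCAN:
            entry["scans"] += 1
            entry["banners"].add(hit.group(2))  # client banner the scanner announced
        else:
            entry["no_ident"] += 1
        entry["first"] = entry["first"] or m.group(1)
        entry["last"] = m.group(1)
    return {ip: dict(e, probe=e["scans"] + e["no_ident"] >= threshold) for ip, e in seen.items()}
```

Calling triage(SAMPLE) returns one summary dict per source address, with "probe" set when the combined event count reaches the threshold.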