#1 2004-11-03 19:19:40

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

sshd logs

Nov  3 14:35:09 DreaM sshd[6813]: Bad protocol version identification '23BitTorrent protocol' from 201.128.234.36
Nov  3 14:44:41 DreaM sshd[6933]: Bad protocol version identification '23BitTorrent protocol' from 201.128.234.36
Nov  3 14:48:13 DreaM sshd[6966]: Did not receive identification string from 82.251.122.250

Is it some kind of attack?? But why BitTorrent??
Is it possible to check these IPs in some kind of database?

Ok. I've traced the IPs and the first one seems to be from Mexico and the second one from Paris. Strange but true. Now, if I only knew how the hell they managed to find my host. I'm not running sshd on a standard port, but still they managed to 'knock on my door' ;)

Offline

#2 2004-11-03 19:49:17

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: sshd logs

Here's what I suspect:
BitTorrent uses a wide range of ports - the newest version uses 10000-60000.. older versions use 8900-8999 IIRC.
Each stream opens its own port, so as to be able to connect to many different seeders at once.
Each seeder (non-firewalled downloader) on the BitTorrent tracker registers its IP and port... it is possible that due to dynamic IPs, your IP had been registered as a seeder with some random tracker out there... I'm not 100% sure, but it may scan the whole range of ports if it's down - this is probably the crap you get every now and then from BT downloads: "Error connecting in seed, unknown port"

Offline
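
An added example, not part of the original posts: a small triage script that groups sshd banner failures by source address and by what the client sent in place of an SSH identification string. The first three sample lines are the ones quoted in post #1; the rest are constructed, and the category names and the reading of the leading `23` as the BitTorrent handshake's length byte (19, octal 023) are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# First three lines: from post #1. Remaining lines: constructed samples
# using documentation address ranges.
SAMPLE_LOG = r"""Nov  3 14:35:09 DreaM sshd[6813]: Bad protocol version identification '23BitTorrent protocol' from 201.128.234.36
Nov  3 14:44:41 DreaM sshd[6933]: Bad protocol version identification '23BitTorrent protocol' from 201.128.234.36
Nov  3 14:48:13 DreaM sshd[6966]: Did not receive identification string from 82.251.122.250
Nov  3 15:02:11 DreaM sshd[7001]: Bad protocol version identification 'GET / HTTP/1.0' from 192.0.2.10
Nov  3 15:05:40 DreaM sshd[7010]: Bad protocol version identification '\023BitTorrent protocol' from 198.51.100.7
Nov  3 15:06:00 DreaM sshd[7011]: Accepted publickey for dream from 192.0.2.20 port 50000 ssh2
"""

BAD_BANNER = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification '(?P<banner>.*)' from (?P<ip>\S+)")
NO_BANNER = re.compile(
    r"sshd\[\d+\]: Did not receive identification string from (?P<ip>\S+)")

def classify_banner(banner):
    """Label the first bytes a client sent where sshd expected 'SSH-...'."""
    # A BitTorrent peer handshake is a length byte (19) followed by this string.
    if "BitTorrent protocol" in banner:
        return "bittorrent-handshake"
    if re.match(r"(GET|POST|HEAD|OPTIONS|CONNECT) ", banner):
        return "http-request"
    return "other-non-ssh"

def summarize(log_text):
    """Return {source_ip: Counter({category: count})} for banner failures only."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = BAD_BANNER.search(line)
        if m:
            per_ip[m["ip"]][classify_banner(m["banner"])] += 1
            continue
        m = NO_BANNER.search(line)
        if m:
            # Connection opened and closed (or timed out) without any banner.
            per_ip[m["ip"]]["no-banner"] += 1
    return per_ip

if __name__ == "__main__":
    for ip, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, dict(counts))
```

Sources that only ever show `bittorrent-handshake` fit the stale-peer explanation above; the script does not judge intent for the other categories.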

#3 2004-11-03 22:52:13

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

Re: sshd logs

Yes, I think you're right. So I guess that it's nothing to worry about. Anyway, I'll read some articles to improve security.

Offline

#4 2004-11-04 01:30:20

oscar
Member
From: Linköping, Sweden
Registered: 2004-08-13
Posts: 457

Re: sshd logs

Dreameen wrote:

Yes, I think you're right. So I guess that it's nothing to worry about. Anyway, I'll read some articles to improve security.

The easiest way to keep a computer safe would be to keep it offline ;)


To err is human... to really foul up requires the root password.

Offline

#5 2004-11-04 11:00:50

Dreameen
Member
From: Poland
Registered: 2004-09-06
Posts: 252

Re: sshd logs

Yeh, that is so right lol

I'm not that paranoid. If I had some really important data then who knows. For now, I just want to know how to secure a system, it's always useful.

Offline
