[PLUG] nmap, curiosity, and courtesy
clydefrog at adnap.no-ip.com
Sat Sep 18 11:04:02 PDT 2004
On Fri, 2004-09-17 at 07:34, Keith Lofstrom wrote:
> The attempted ssh breakins that show up in my logs are getting lengthier
> if not any more successful. I am curious about the machines that are
> launching the attacks. I can do DNS lookups on them, of course, but I
> am curious about flavor of Linux they are using, etc. Among other things,
> this comes in handy when I am advising others about more vs. less secure
> versions of Linux.
> I can run nmap against the offending machines, and find out more about
> them, but this seems impolite (Mom said "two wrongs do not make a
> right"), and possibly a source of trouble. What are the opinions here?
Another option to find out what kind of machine it is is to contact
$ telnet 188.8.131.52 22
Connected to 184.108.40.206.
Escape character is '^]'.
Sometimes this can tell you what distro it is (no luck this time). On my
debian system this is what I see:
SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8
Other people have found the attackers to be running an old RedHat.
More information about the PLUG