Date: Sat, 14 Sep 2013 15:06:11 +0200 From: Willem Jan Withagen <wjw@digiware.nl> To: freebsd-security@freebsd.org Subject: Re: Odd sshd entry in auth.log Message-ID: <52345F43.5070601@digiware.nl> In-Reply-To: <20130914120151.GY25357@albert.catwhisker.org> References: <20130914120151.GY25357@albert.catwhisker.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2013-09-14 14:01, David Wolfskill wrote: > Sep 13 12:43:24 albert sshd[43949]: fatal: Read from socket failed: Connection reset by peer [preauth] I see plentyu of these, if only because I test the sshd availablity with nagios without actually going thru the full login... I just abort once I see sshd report it's availability on the port. Hence the 'reset by peer [preauth].' Like DES says: Scanners generate more or less the same behavior. They scan, and try to determine if you are running a vulnerable sshd or something else they can work with.... I still have a wish on my todo to see if it is possible to report the ipnr... And then block hosts with to many tries. But it's not really high on the agenda... --WjW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52345F43.5070601>