[lug] Mystery SSH diagnostic lines

Simos blug at chinesetearoom.com
Sun Aug 1 13:03:11 MDT 2021


On Sun, 01 Aug 2021 12:27:02 -0600 Mike Witt <msg2mw at gmail.com> wrote:
> 
> On 08/01/2021 11:42:20 AM, Simos wrote:
> > Hi,
> > 
> > Looks like a port scan to me.  
> 
> Wouldn't that have tried more than just those two ports?

Maybe for now it's just probing open SSH ports? Also, how do you know that
nothing else is being port scanned? The log lines you forwarded seem to be
from standard syslog/auth logs which would not necessarily log port scan
attempts unless the individual services themselves (like sshd) did so.

To be clear, I'm not saying it's malware and it's unlikely that it *is*
malware. However, a Windows malware scan would be on the list of things I
would run if I wanted to dig deeper into this.

> > Have you tried running something like
> > a MalwareBytes scan on your wife's Windows laptop just in case?  
> 
> Do you happen to know if "Avast" would catch this? That's what she had  
> installed.

Depending on whom you ask, Malwarebytes seems to have a better reputation
than Avast. Either way, it doesn't hurt to get a "second opinion" from
another (freely available) scanner.

Good luck!

Simos

