My System : Slackware 9.1

This morning In my logwatch email I got

--------------------- SSHD Begin ------------------------

Did not get an ident string from these:
www.pavonet.com (209.126.168.231)

---------------------- SSHD End -------------------------

I went to pavonet.com and there is just a phone number listed 1-866-761-4196, I did a whois and there wasn't any information, they claim the domain is free.

I checked my messages log and this is the line in there

Mar 24 22:50:45 bedroom sshd[25482]: Did not receive identification string from 209.126.168.231

I couldn't find where the www.pavonet.com data was?
cat /var/log/messages | grep www.pavonet.com returned nothing

Help, how did they get that in there. Should I call the number?

I'm scared

Did not get an ident string from these: www.pavonet.com (209.126.168.231)
AFAIK a session that's set up but not continued into authentication, IOW, a scan.
This host has been scanning at least 2000 hosts in the last few days for port TCP/22.


Help, how did they get that in there.
It's a message of the "informative" level, nothing more.


Should I call the number?
No. The proper route would be to file a complaint at abuse@cari.net, but usually this won't get you nowhere.


I'm scared
Don't be. Do this: if your version of OpenSSH is compiled with libwrap, restrict the hosts/ranges allowed to connect by adding them to /etc/hosts.allow and make sure /etc/hosts.deny contains one line "ALL: ALL". Then restrict the hosts/ranges allowed to connect by adding them to the firewall.
Add Snort. If they're scanning for some known exploit you should be alerted.

Thanks, I'll do that. What do you think that phone number is? I wanna call from a pay phone and be like.. AHHHHHHHHHHHHH

I'm sure you could find better and more enjoyable ways of spending your time and money...