Abuse: user on my server probed another ip...
------------------------------------------------------------
SUSPECT IP: xxxxxxxx
A user, apparently on your network, probed port 22 (ssh) on the IPs shown
in the log excerpt below. Given vulnerabilities in some implementations,
as well as its uses in automated OS scanning, this network probe should
be regarded as a hostile action.
All timestamps are in GMT
Feb 13 23:16:50 DENY proto tcp xxxxxxxx
:36563 xxxxxxxx
:22 L=44 S=0x00 I=51356 F=0x4000 T=49 SYN
--------------------------------------------------
So apparently someone hosted under my server was probing port 22 on another server.
My question is, how do i figure out who did this ? Is there any way ?
Will removing shell access from them all help in overcoming this ?
