Interpreting Messages from SSH about security cracking attempts?

I just got XFinity and it alerted me to 4 attempts on my OpenWRT router; but only one of them appeared in the logs on a Linux device behind it.

sshd[4227]: Bad protocol version identification '\003' from port 63920.

I have secured the device in question with a public / private keypair, but I just wondered if anyone knew what the log file entry might mean, or why Xfinity caught 4 of them, but I only saw one.

Does searching for Bad protocol version identification '\003' lead to anything usefull?

1 Like