Re: [fw-wiz] Increase in SSH Probing
From: Christine Kronberg (Christine_Kronberg_at_genua.de)
Date: 10/25/04
- Previous message: Maarten Hartsuijker: "[fw-wiz] fortigate firewall IPS capabilities"
- In reply to: Mathew Want: "[fw-wiz] Increase in SSH Probing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Mathew Want <mathew.want@ac3.com.au> Date: Mon, 25 Oct 2004 12:14:13 +0200 (CEST)
Hiho,
> I was wondering if anyone else had noticed a large increase in scans and
> crack attempts against SSH. I found a reference to
> http://www.k-otik.com/exploits/08202004.brutessh2.c.php which would
> explain the pattern of usernames I had seen originally (i.e. test, guest and
> root).
>
> I am more curious to know if anyone else is seeing the same thing or if I
> am being singled out for persicution :-)
You are not singled out. I see the same on my private computer.
There is obviously a new script running around which tries a
lot more passwords for a variety of usernames. I tried to catch
the thingy on a pseudo honeypot but only got ptrace etc. exploits.
I wonder if there are really node out there which are not honeypots
but do have these accounts with such silly passwords open.
Regards,
Chris Kronberg.
-- GeNUA mbH _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Maarten Hartsuijker: "[fw-wiz] fortigate firewall IPS capabilities"
- In reply to: Mathew Want: "[fw-wiz] Increase in SSH Probing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
