Re: [fw-wiz] Increase in SSH Probing

From: Christine Kronberg (Christine_Kronberg_at_genua.de)
Date: 10/25/04

  • Next message: Hughes, Chris: "RE: [fw-wiz] Pass-through VPN"
    To: Mathew Want <mathew.want@ac3.com.au>
    Date: Mon, 25 Oct 2004 12:14:13 +0200 (CEST)
    
    

       Hiho,

    > I was wondering if anyone else had noticed a large increase in scans and
    > crack attempts against SSH. I found a reference to
    > http://www.k-otik.com/exploits/08202004.brutessh2.c.php which would
    > explain the pattern of usernames I had seen originally (i.e. test, guest and
    > root).
    >
    > I am more curious to know if anyone else is seeing the same thing or if I
    > am being singled out for persicution :-)

       You are not singled out. I see the same on my private computer.
       There is obviously a new script running around which tries a
       lot more passwords for a variety of usernames. I tried to catch
       the thingy on a pseudo honeypot but only got ptrace etc. exploits.
       I wonder if there are really node out there which are not honeypots
       but do have these accounts with such silly passwords open.

       Regards,

                                                         Chris Kronberg.

    -- 
    GeNUA mbH
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Hughes, Chris: "RE: [fw-wiz] Pass-through VPN"