Re: [fw-wiz] Increase in SSH Probing
From: Christine Kronberg (Christine_Kronberg_at_genua.de)
To: Mathew Want <email@example.com> Date: Mon, 25 Oct 2004 12:14:13 +0200 (CEST)
> I was wondering if anyone else had noticed a large increase in scans and
> crack attempts against SSH. I found a reference to
> http://www.k-otik.com/exploits/08202004.brutessh2.c.php which would
> explain the pattern of usernames I had seen originally (i.e. test, guest and
> I am more curious to know if anyone else is seeing the same thing or if I
> am being singled out for persicution :-)
You are not singled out. I see the same on my private computer.
There is obviously a new script running around which tries a
lot more passwords for a variety of usernames. I tried to catch
the thingy on a pseudo honeypot but only got ptrace etc. exploits.
I wonder if there are really node out there which are not honeypots
but do have these accounts with such silly passwords open.
-- GeNUA mbH _______________________________________________ firewall-wizards mailing list firstname.lastname@example.org http://honor.icsalabs.com/mailman/listinfo/firewall-wizards