Re: [fw-wiz] Increase in SSH Probing

From: Christine Kronberg (Christine_Kronberg_at_genua.de)
Date: 10/25/04

  • Next message: Hughes, Chris: "RE: [fw-wiz] Pass-through VPN"
    To: Mathew Want <mathew.want@ac3.com.au>
    Date: Mon, 25 Oct 2004 12:14:13 +0200 (CEST)
    
    

       Hiho,

    > I was wondering if anyone else had noticed a large increase in scans and
    > crack attempts against SSH. I found a reference to
    > http://www.k-otik.com/exploits/08202004.brutessh2.c.php which would
    > explain the pattern of usernames I had seen originally (i.e. test, guest and
    > root).
    >
    > I am more curious to know if anyone else is seeing the same thing or if I
    > am being singled out for persicution :-)

       You are not singled out. I see the same on my private computer.
       There is obviously a new script running around which tries a
       lot more passwords for a variety of usernames. I tried to catch
       the thingy on a pseudo honeypot but only got ptrace etc. exploits.
       I wonder if there are really node out there which are not honeypots
       but do have these accounts with such silly passwords open.

       Regards,

                                                         Chris Kronberg.

    -- 
    GeNUA mbH
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Hughes, Chris: "RE: [fw-wiz] Pass-through VPN"

    Relevant Pages

    • Re: ssh: Permission denied
      ... But think of it this way: you see all those log files with people trying to GUESS usernames: fred, mary, joe, jane.... ... Once access is gained, there are no restrictions on what the user can do, as they are root. ... So the risk must not be from password-bots. ... Now, at this stage actually creating a separate account on my box, an account I will never use for anything except to do su - seems ridiculous. ...
      (Fedora)
    • RE: Help! Red hat doesnt recognize any usernames!
      ... Are you still unable to login as root? ... into single user mode? ... Red hat doesn't recognize any usernames! ... After it crashed, it came up, but doesn't recognize any usernames at ...
      (RedHat)
    • Re: ssh: Permission denied
      ... to GUESS usernames: fred, mary, joe, jane.... ... NOT allow root access so they MUST guess your username as well as key, ... pairs for authorization, then they have first get your private key, ...
      (Fedora)
    • Re: if im root and a user loses their password, how do I find it?
      ... I'm root and a user is asking me what their password is. ... I tried etc/passwrd but that only had a list of usernames. ... can't try to brute force the encrypted passwords at his leisure on ... some remote system before he tries to gain access to the system. ...
      (alt.linux)
    • Re: Display Manager Problems -- CRY FOR HELP
      ... > root. ... > other usernames. ... That has made a real mess of my email archive!!! ... To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org ...
      (Debian-User)