Re: [fw-wiz] Increase in SSH Probing

From: Christine Kronberg (
Date: 10/25/04

  • Next message: Hughes, Chris: "RE: [fw-wiz] Pass-through VPN"
    To: Mathew Want <>
    Date: Mon, 25 Oct 2004 12:14:13 +0200 (CEST)


    > I was wondering if anyone else had noticed a large increase in scans and
    > crack attempts against SSH. I found a reference to
    > which would
    > explain the pattern of usernames I had seen originally (i.e. test, guest and
    > root).
    > I am more curious to know if anyone else is seeing the same thing or if I
    > am being singled out for persicution :-)

       You are not singled out. I see the same on my private computer.
       There is obviously a new script running around which tries a
       lot more passwords for a variety of usernames. I tried to catch
       the thingy on a pseudo honeypot but only got ptrace etc. exploits.
       I wonder if there are really node out there which are not honeypots
       but do have these accounts with such silly passwords open.


                                                         Chris Kronberg.

    GeNUA mbH
    firewall-wizards mailing list

  • Next message: Hughes, Chris: "RE: [fw-wiz] Pass-through VPN"