[fw-wiz] SSH brute force attack

From: Toderick, Lee W (TODERICKL_at_MAIL.ECU.EDU)
Date: 06/24/05

  • Next message: Kevin Sheldrake: "Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 24 Jun 2005 13:17:17 -0400
    
    
    

    Greetings!

    Our computers running SSH daemons have logged attacks. The attacks begin
    with a scan logged "Did not receive identification string from x.x.x.x",
    followed approximately 15 minutes later with "Illegal user " or " Failed
    password for root".

    Does anyone have information or documentation about this scan/attack?
    Following is a list of Illegal users:
    # cat secure.4 | grep "193.24.213.216" | cut -d " " -f6-12 | grep "Illegal" | cut -d " " -f 3
    sun0s
    reboot
    reboot
    flood
    irc
    key
    david
    htpd
    httpd
    jared42
    cchen
    admin
    admin
    admin
    admin
    test
    test
    test
    test
    test
    test
    test
    admin
    akcesbenefit
    b3
    njproghouse
    schaiderhair
    perseus
    guardit
    phpbb
    bejgli
    forums
    temp
    eric
    staff
    bb
    maggie
    rock
    sandra
    kim
    recruit
    alina
    dana
    bloodclansb
    jeff

    Thanks,
    Lee Toderick

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
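
One way to correlate the two log events described in the message above (the "Did not receive identification string" probe and the later "Illegal user" / "Failed password for root" attempts) per source address. This is an added example, not part of the original post. The function name `correlate`, the 30-minute window, the syslog line layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in classic syslog layout; all addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 24 03:10:01 gw sshd[1201]: Did not receive identification string from 192.0.2.10
Jun 24 03:25:07 gw sshd[1240]: Illegal user admin from 192.0.2.10
Jun 24 03:25:09 gw sshd[1240]: Failed password for illegal user admin from 192.0.2.10 port 4321 ssh2
Jun 24 03:25:12 gw sshd[1242]: Illegal user test from 192.0.2.10
Jun 24 03:25:15 gw sshd[1244]: Failed password for root from 192.0.2.10 port 4330 ssh2
Jun 24 04:00:00 gw sshd[1300]: Did not receive identification string from 198.51.100.7
Jun 24 09:12:44 gw sshd[1400]: Failed password for root from 203.0.113.5 port 5000 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
PROBE = re.compile(r"^Did not receive identification string from (\S+)")
BAD_USER = re.compile(r"^(?:Illegal|Invalid) user (\S+) from (\S+)")  # "Invalid" in later OpenSSH
ROOT_FAIL = re.compile(r"^Failed password for root from (\S+)")

def correlate(log_text, year=2005, window=timedelta(minutes=30)):
    """Return {ip: report} for sources whose banner probe was followed by
    login guessing within `window` (assumed value; tune to your logs)."""
    probes, reports = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if p := PROBE.match(msg):
            probes[p.group(1)] = ts          # remember the latest probe per source
            continue
        if b := BAD_USER.match(msg):
            user, ip = b.groups()
        elif r := ROOT_FAIL.match(msg):
            user, ip = "root", r.group(1)
        else:
            continue                         # skips the duplicate "Failed password for illegal user" line
        seen = probes.get(ip)
        if seen is not None and timedelta(0) <= ts - seen <= window:
            rep = reports.setdefault(ip, {"probe": seen, "first_attempt": ts, "users": []})
            rep["users"].append(user)
    return reports

if __name__ == "__main__":
    for ip, rep in correlate(SAMPLE_LOG).items():
        print(ip, rep["first_attempt"] - rep["probe"], rep["users"])
```

Sources that only probed, or only guessed passwords without a preceding probe, are left out of the report, so the output isolates the two-stage pattern.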


