[fw-wiz] SSH brute force attack

From: Toderick, Lee W (TODERICKL_at_MAIL.ECU.EDU)
Date: 06/24/05

    To: <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 24 Jun 2005 13:17:17 -0400
    
    
    

    Greetings!

    Our computers running SSH daemons have logged attacks. The attacks begin
    with a scan logged "Did not receive identification string from x.x.x.x",
    followed approximately 15 minutes later with "Illegal user " or " Failed
    password for root".

    Does anyone have information or documentation about this scan/attack?
    Following is a list of Illegal users:
    # cat secure.4 | grep "193.24.213.216" | cut -d " " -f6-12 | grep "Illegal" | cut -d " " -f 3
    sun0s
    reboot
    reboot
    flood
    irc
    key
    david
    htpd
    httpd
    jared42
    cchen
    admin
    admin
    admin
    admin
    test
    test
    test
    test
    test
    test
    test
    admin
    akcesbenefit
    b3
    njproghouse
    schaiderhair
    perseus
    guardit
    phpbb
    bejgli
    forums
    temp
    eric
    staff
    bb
    maggie
    rock
    sandra
    kim
    recruit
    alina
    dana
    bloodclansb
    jeff

    Thanks,
    Lee Toderick

    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
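
Added example, not part of the original post: a Python sketch that correlates the "Did not receive identification string" probe with later "Illegal user" / "Failed password for root" lines from the same source and tallies the usernames tried. The log lines are constructed samples in the classic syslog sshd layout with documentation-range addresses; the 30-minute window and the `year` default are assumptions (syslog timestamps carry no year).

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not taken from the original post).
SAMPLE_LOG = """\
Jun  4 09:00:00 host1 sshd[900]: Illegal user temp from 198.51.100.7
Jun 24 03:01:10 host1 sshd[2101]: Did not receive identification string from 192.0.2.10
Jun 24 03:16:02 host1 sshd[2140]: Illegal user test from 192.0.2.10
Jun 24 03:16:04 host1 sshd[2140]: Failed password for illegal user test from 192.0.2.10 port 4011 ssh2
Jun 24 03:16:07 host1 sshd[2142]: Illegal user admin from ::ffff:192.0.2.10
Jun 24 03:16:11 host1 sshd[2144]: Failed password for root from 192.0.2.10 port 4013 ssh2
"""

# Regexes instead of cut -d " ": a space-padded day ("Jun  4") shifts field numbers.
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
SCAN = re.compile(r"^Did not receive identification string from (?:::ffff:)?(?P<ip>\S+)")
ILLEGAL = re.compile(r"^Illegal user (?P<user>\S+) from (?:::ffff:)?(?P<ip>\S+)")
ROOT = re.compile(r"^Failed password for root from (?:::ffff:)?(?P<ip>\S+)")

def correlate(log_text, year=2005, window=timedelta(minutes=30)):
    """Per source IP: last scan time, scan-to-first-attempt delay, users tried."""
    report = defaultdict(lambda: {"scan": None, "delay": None,
                                  "users": Counter(), "root_failures": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        scan = SCAN.match(m["msg"])
        if scan:
            report[scan["ip"]]["scan"] = when
            continue
        hit = ILLEGAL.match(m["msg"]) or ROOT.match(m["msg"])
        if not hit:
            continue  # e.g. "Failed password for illegal user ..." duplicates the Illegal line
        entry = report[hit["ip"]]
        if "user" in hit.groupdict():
            entry["users"][hit["user"]] += 1
        else:
            entry["root_failures"] += 1
        # Record the delay once, only when the attempt follows a scan within the window.
        if entry["delay"] is None and entry["scan"] and when - entry["scan"] <= window:
            entry["delay"] = when - entry["scan"]
    return dict(report)

if __name__ == "__main__":
    for ip, e in correlate(SAMPLE_LOG).items():
        print(ip, e["delay"], dict(e["users"]), e["root_failures"])
```
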


