[fw-wiz] SSH brute force attack

From: Toderick, Lee W (TODERICKL_at_MAIL.ECU.EDU)
Date: 06/24/05

Next message: Kevin Sheldrake: "Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"

Previous message: sin: "Re: [fw-wiz] Host based vs network firewall in datacenter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Fri, 24 Jun 2005 13:17:17 -0400

Greetings!

Our computers running SSH daemons have logged attacks. The attacks begin
with a scan logged "Did not receive identification string from x.x.x.x",
followed approximately 15 minutes later with "Illegal user " or " Failed
password for root".

Does anyone have information or documentation about this scan/attack?
Following is a list of Illegal users:
# cat secure.4 | grep "193.24.213.216" | cut -d " " -f6-12 | grep "Illegal"
| cut -d " " -f 3
sun0s
reboot
reboot
flood
irc
key
david
htpd
httpd
jared42
cchen
admin
admin
admin
admin
test
test
test
test
test
test
test
admin
akcesbenefit
b3
njproghouse
schaiderhair
perseus
guardit
phpbb
bejgli
forums
temp
eric
staff
bb
maggie
rock
sandra
kim
recruit
alina
dana
bloodclansb
jeff

Thanks,
Lee Toderick

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

application/x-pkcs7-signature attachment: smime.p7s

Next message: Kevin Sheldrake: "Re: [fw-wiz] Transitive Trust: 40 million credit cards hack'd"

Previous message: sin: "Re: [fw-wiz] Host based vs network firewall in datacenter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Easy way/script to add another user like me?
... have to do to give a user sudo privileges is to add them to the ... # Members of the admin group may gain root privileges ... of cracking the root password because they already know the ...
(Ubuntu)
Problems setting up Samba+LDAP PDC in Debian Sarge
... Integration test, when I added an admin user, got it on the "Domain ... SeMachineAccountPrivilege: ... to work using root nor Manager. ... uidNumber: 998 ...
(Debian-User)
Re: Vista makes me crazy, please help.
... You obviously have not worked with systems other then windows - or you ... mainstream platform allows it's users to run as an admin by default. ... I don't use Linux or Mac. ... Any applications that need root access will usually prompt for a password. ...
(microsoft.public.vb.general.discussion)
Re: Apple recommending anti-virus software for Macs?
... as root, but I have yet to see anyone explain _why_. ... You can tell whether you are an admin by pulling up SysPrefs->Accounts ... Two heads mean the group permission details. ... from your daily account splits into owner-users and company sysadmins, ...
(comp.sys.mac.system)
Re: User log out?
... All I'm saying is that if bad credentials have somehow ... When you reboot or kill all client sessions it will force the user client to ... login to Sharepoint as themselves. ... Last solution which might end up backfiring is change the admin ...
(microsoft.public.sharepoint.windowsservices)