Re: sequences in the auth.log
From: Craig Edwards (brain_at_winbot.co.uk)
Date: 08/13/04
- Previous message: Steve Zweep: "ICMP attacks against TCP"
- Maybe in reply to: Sandor Berta: "sequences in the auth.log"
- Next in thread: Gregory Kuhn: "Re: sequences in the auth.log"
- Reply: Gregory Kuhn: "Re: sequences in the auth.log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 13 Aug 2004 18:35:06 +0100 To: "Sandor Berta" <berta@beco.hu>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
ive been getting this too on both my freebsd boxes, it seems to be an epidemic. i guess its some form of ssh scanner looking for open accounts with no passwords (or easily guessable passwords)?
Thanks,
Craig
>Hi all,
>I found similar sequences in the
<snip>
>165.21.103.20 port 39836 ssh2
>Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20
>Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57
>Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57
>
>What are these?
>
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Steve Zweep: "ICMP attacks against TCP"
- Maybe in reply to: Sandor Berta: "sequences in the auth.log"
- Next in thread: Gregory Kuhn: "Re: sequences in the auth.log"
- Reply: Gregory Kuhn: "Re: sequences in the auth.log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
