Re: sequences in the auth.log

From: Gregory Kuhn (gkuhn_at_ctch.net)
Date: 08/13/04

    Date: Fri, 13 Aug 2004 13:19:12 -0600
    To: freebsd-security@freebsd.org
    
    

    At 11:35 AM 8/13/2004, Craig Edwards wrote:
    >I've been getting this too on both my freebsd boxes, it seems to be an
    >epidemic. I guess it's some form of ssh scanner looking for open accounts
    >with no passwords (or easily guessable passwords)?

    Just one more reason to mandate strict passwords for any accounts that have
    interactive shell access. It is also why we don't allow shell accounts to
    our users, with the exception of a very small few (approximately 5 out of 200)
    and those users are required to maintain very strict passwords containing
    uppercase, lowercase, numeric and special characters in their passwords and
    they must be changed every 30 days and they are not allowed to reuse
    passwords...EVER!

    My personal experience with end-users (at least most of them) is that, given the
    opportunity, the end-user will opt for the easy to remember (a.k.a. easy to
    guess) password. We have all heard the jokes about the password being
    "password", it's no joke...neither are first names, last names and so
    on...four letter passwords are a favorite of the average end-user
    too. lusers...you can't live with them, you can't live without them, you
    can only try to educate them.

    Greg

    <snip>

    > >165.21.103.20 port 39836 ssh2
    > >Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20
    > >Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57
    > >Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57
    > >
    > >What are these?
    > >

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
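
An added example, not part of the original message: one way to triage the "Illegal user" entries quoted in this thread by grouping them per source address and listing the account names each source tried. The function names, the tolerance for the "Invalid user" wording of later OpenSSH releases, and the sample lines marked as constructed are assumptions of this example.

```python
import re
from collections import defaultdict

# "Illegal user" is the wording shown in the thread; "Invalid user" (assumption)
# covers later OpenSSH releases. The greedy user group binds to the LAST " from ",
# so a username that itself contains " from <addr>" cannot spoof the source address.
PROBE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user (?P<user>.*) from (?P<ip>[0-9a-fA-F.:]+)(?: port \d+)?\s*$"
)

def summarize(lines):
    """Group logins for nonexistent accounts by source address."""
    sources = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in lines:
        m = PROBE.match(line)
        if not m:
            continue  # unrelated or truncated entry
        s = sources[m["ip"]]
        s["count"] += 1
        s["users"].add(m["user"])
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
    return dict(sources)

def scanners(sources, min_users=2):
    """Sources that tried at least min_users different nonexistent accounts."""
    return sorted(ip for ip, s in sources.items() if len(s["users"]) >= min_users)

# The first three entries and the truncated fragment are quoted in the thread;
# lines marked "constructed" were made up for this example.
SAMPLE = [
    "Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20",
    "Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57",
    "Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57",
    "Aug 13 14:25:47 www sshd[26489]: Illegal user admin from 202.28.120.57",  # constructed
    "Aug 13 14:31:02 www sshd[26510]: Accepted password for alice from 192.0.2.10 port 50112 ssh2",  # constructed
    "165.21.103.20 port 39836 ssh2",  # truncated fragment from the thread, skipped
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for ip in scanners(result):
        s = result[ip]
        print(f"{ip}: {s['count']} probes, users={sorted(s['users'])}, "
              f"{s['first']} .. {s['last']}")
```

A source that cycles through several nonexistent account names within seconds is the scanner pattern discussed in the thread; a single miss from one address is more likely a typo.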

