Re: [Full-Disclosure] Automated SSH login attempts?
Valdis.Kletnieks_at_vt.edu
Date: 07/30/04
- Previous message: morning_wood: "Re: [Full-Disclosure] Re: Automated SSH login attempts?"
- In reply to: Neal O'Creat: "Re: [Full-Disclosure] Automated SSH login attempts?"
- Next in thread: Jan Muenther: "Re: [Full-Disclosure] Automated SSH login attempts?"
- Reply: Jan Muenther: "Re: [Full-Disclosure] Automated SSH login attempts?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Neal O'Creat" <ids@ll.mit.edu> Date: Fri, 30 Jul 2004 14:39:40 -0400
On Fri, 30 Jul 2004 09:39:55 EDT, "Neal O'Creat" said:
> Could it be possible that there are different versions of this, one
> making noise and one much rarer one with an exploit?
It's more likely that there's one version, making noise and very rarely finding
a box with stupid passwords. It's possible there's another rare version that
tries several stupid passwords and a few old SSH vulnerabilities. Is there
*any* reliable evidence (even a single box) that appears to have been nailed by
a new exploit?
I'll gladly change my mind, but it will take somebody actually finding a
box running a *recent* SSH and had guest/test/and_so_on properly secured,
and the attack *still* got in....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: morning_wood: "Re: [Full-Disclosure] Re: Automated SSH login attempts?"
- In reply to: Neal O'Creat: "Re: [Full-Disclosure] Automated SSH login attempts?"
- Next in thread: Jan Muenther: "Re: [Full-Disclosure] Automated SSH login attempts?"
- Reply: Jan Muenther: "Re: [Full-Disclosure] Automated SSH login attempts?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
