Illegal user ssh probes
From: Frank Hamersley (terabite_at_bigpond.com)
Date: 09/25/04
- Previous message: Jonathan Loh: "Re: how to use x11 forwarding?"
- Next in thread: mike_at_genxweb.net: "Re: Illegal user ssh probes"
- Reply: mike_at_genxweb.net: "Re: Illegal user ssh probes"
- Maybe reply: mghofran_at_caregroup.harvard.edu: "RE: Illegal user ssh probes"
- Reply: Rob Hughes: "Re: Illegal user ssh probes"
- Maybe reply: Huijsmans, JCM (Jan): "RE: Illegal user ssh probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Ssh List (E-mail)" <secureshell@securityfocus.com> Date: Sat, 25 Sep 2004 17:39:50 +1000
On examining /var/log/secure for several firewalls I manage remotely using
ssh I have observed a recurrent pattern of probing over the last several
that attempts to connect using user id's in the following order...
test / guest / admin / admin / user / test
We are using SSH 2 RSA key ONLY authentication ie. password based login is
not accepted, and none of these user profiles exist on the host so I am not
too concerned.
However I am wondering if anyone has characterised the probe and/or
performed a risk assessment/analysis? The rate of probes is very low so I
don't think there is a DOS attack just yet!
Is it worth reporting the behaviour to the net block assignees in case they
aren't aware their server might be compromised?
Is anybody else seeing this?
Regards, Frank.
- Previous message: Jonathan Loh: "Re: how to use x11 forwarding?"
- Next in thread: mike_at_genxweb.net: "Re: Illegal user ssh probes"
- Reply: mike_at_genxweb.net: "Re: Illegal user ssh probes"
- Maybe reply: mghofran_at_caregroup.harvard.edu: "RE: Illegal user ssh probes"
- Reply: Rob Hughes: "Re: Illegal user ssh probes"
- Maybe reply: Huijsmans, JCM (Jan): "RE: Illegal user ssh probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
