Re: Illegal user ssh probes
From: Christopher Strong (strong_at_castrovalva.com)
Date: 10/17/04
- Previous message: rn001: "non-interactive password - RSA"
- Next in thread: Calvin Maready: "Re: Illegal user ssh probes"
- Reply: Calvin Maready: "Re: Illegal user ssh probes"
- Maybe reply: Calvin Maready: "Re: Illegal user ssh probes"
- Maybe reply: Les Bell: "Re: Illegal user ssh probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 17 Oct 2004 04:05:47 -0000 To: secureshell@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <002f01c4a2d2$e0056ba0$6301010a@CPQ7380>
>
>On examining /var/log/secure for several firewalls I manage remotely using
>ssh I have observed a recurrent pattern of probing over the last several
>that attempts to connect using user id's in the following order...
>
>test / guest / admin / admin / user / test
>
I am seeing this, along with random usernames in large blocks from compromised IPs
>Is it worth reporting the behaviour to the net block assignees in case they
>aren't aware their server might be compromised?
Usually not. They are generally fools who won't reply, or if they do they will blow you off.
- Previous message: rn001: "non-interactive password - RSA"
- Next in thread: Calvin Maready: "Re: Illegal user ssh probes"
- Reply: Calvin Maready: "Re: Illegal user ssh probes"
- Maybe reply: Calvin Maready: "Re: Illegal user ssh probes"
- Maybe reply: Les Bell: "Re: Illegal user ssh probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
