Re: Illegal user ssh probes
From: Calvin Maready (cc.cal_at_verizon.net)
To: firstname.lastname@example.org Date: Tue, 19 Oct 2004 21:24:51 -0700
-----BEGIN PGP SIGNED MESSAGE-----
In the last 2 months or so i've seen alot of these too, except i also get root
attempts. on k-otiks site they have a brute forcing script for ssh that i
think that a number of these scans are coming from even though it was only
release on the 20th of last month. Here is the direct link
On Saturday 16 October 2004 21:05, Christopher Strong wrote:
> In-Reply-To: <002f01c4a2d2$e0056ba0$6301010a@CPQ7380>
> >On examining /var/log/secure for several firewalls I manage remotely using
> >ssh I have observed a recurrent pattern of probing over the last several
> >that attempts to connect using user id's in the following order...
> >test / guest / admin / admin / user / test
> I am seeing this, along with random usernames in large blocks from
> compromised IPs
> >Is it worth reporting the behaviour to the net block assignees in case
> > they aren't aware their server might be compromised?
> Usually not. They are generally fools who won't reply, or if they do they
> will blow you off.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----