Re: Illegal user ssh probes
From: Rail mail (railmail_at_gmail.com)
Date: 10/20/04
- Previous message: Bartek Krajnik: "Re: Illegal user ssh probes"
- In reply to: Calvin Maready: "Re: Illegal user ssh probes"
- Next in thread: Calvin Maready: "Re: Illegal user ssh probes"
- Reply: Calvin Maready: "Re: Illegal user ssh probes"
Date: Tue, 19 Oct 2004 20:18:36 -0400
To: Calvin Maready <cc.cal@verizon.net>
I have gotten many probes of some rogue trying ssh to root (different IPs).
I got OpenSSH running on FreeBSD,
no root logins and only using proto v2 applied.
I am wondering if they are actually logging in?
Does anyone know of anything I should be aware of or looking for?
On Tue, 19 Oct 2004 21:24:51 -0700, Calvin Maready <cc.cal@verizon.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In the last 2 months or so I've seen a lot of these too, except I also get root
> attempts. On k-otik's site they have a brute forcing script for ssh that I
> think that a number of these scans are coming from even though it was only
> released on the 20th of last month. Here is the direct link
> http://www.k-otik.com/exploits/08202004.brutessh2.c.php .
>
>
> On Saturday 16 October 2004 21:05, Christopher Strong wrote:
> > In-Reply-To: <002f01c4a2d2$e0056ba0$6301010a@CPQ7380>
> >
> > >On examining /var/log/secure for several firewalls I manage remotely using
> > >ssh I have observed a recurrent pattern of probing over the last several
> > >that attempts to connect using user id's in the following order...
> > >
> > >test / guest / admin / admin / user / test
> >
> > I am seeing this, along with random usernames in large blocks from
> > compromised IPs
> >
> > >Is it worth reporting the behaviour to the net block assignees in case
> > > they aren't aware their server might be compromised?
> >
> > Usually not. They are generally fools who won't reply, or if they do they
> > will blow you off.
>
> - --
> _______________
> Calvin Maready
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> -----END PGP SIGNATURE-----
>
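The question raised in this thread, whether any of the probes actually resulted in a login, can be answered from the sshd log itself. The following is an added example, not part of any message in the thread: it separates failed attempts from accepted logins per source address and flags an accepted login that follows repeated failures from the same address. The log lines, host name, addresses and the user name `alice` are constructed, and the `threshold` parameter is an assumption.

```python
import re

# Constructed sample lines in sshd syslog style (not taken from the thread).
SAMPLE_LOG = """\
Oct 19 20:01:11 fw sshd[4101]: Illegal user test from 192.0.2.10
Oct 19 20:01:12 fw sshd[4101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Oct 19 20:01:14 fw sshd[4103]: Failed password for illegal user guest from 192.0.2.10 port 40120 ssh2
Oct 19 20:01:16 fw sshd[4105]: Failed password for illegal user admin from 192.0.2.10 port 40131 ssh2
Oct 19 20:01:19 fw sshd[4107]: Failed password for root from 192.0.2.10 port 40140 ssh2
Oct 19 20:03:40 fw sshd[4120]: Failed password for root from 198.51.100.7 port 51500 ssh2
Oct 19 20:03:44 fw sshd[4122]: Failed password for test from 198.51.100.7 port 51511 ssh2
Oct 19 20:03:47 fw sshd[4124]: Accepted password for test from 198.51.100.7 port 51519 ssh2
Oct 19 20:10:02 fw sshd[4150]: Accepted publickey for alice from 203.0.113.5 port 60022 ssh2
"""

# Older OpenSSH logs "illegal user", newer releases log "invalid user"; accept both.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def triage(log_text, threshold=2):
    """Return (failures by IP, all accepted logins, accepted logins worth a look)."""
    failures = {}    # source IP -> user names tried, in order
    accepted = []    # (user, ip, auth method) for every successful login
    suspicious = []  # successful logins preceded by >= threshold failures from that IP
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures.setdefault(m.group(2), []).append(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((user, ip, method))
            if len(failures.get(ip, [])) >= threshold:
                suspicious.append((user, ip, method))
    return failures, accepted, suspicious

if __name__ == "__main__":
    failures, accepted, suspicious = triage(SAMPLE_LOG)
    for ip, users in failures.items():
        print(f"{ip}: {len(users)} failed attempts, users tried: {users}")
    for user, ip, method in accepted:
        print(f"accepted: {user} from {ip} via {method}")
    for user, ip, method in suspicious:
        print(f"REVIEW: {user} logged in from {ip} ({method}) after repeated failures")
```

An address that only ever appears in `failures` never got in; any entry in `suspicious` is a login that should be confirmed with the account owner.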