Re: SSH Attempts: Link to RedHat?

From: Rodrigo Barbosa (rodrigob@bh.conectiva.com.br)
Date: 12/19/01


Date: Wed, 19 Dec 2001 13:54:53 -0200
From: Rodrigo Barbosa <rodrigob@bh.conectiva.com.br>
To: incidents@securityfocus.com


An interesting followup to this (AFAIC).

I've been receiving SSH Stealth Probe since yesterday. They are all coming
from hacked boxes, owned by "./fux0r terrorism".
They actually post the data on the boxes. One example (name protected):

Linux XXXXX.XXXXXX.net 2.2.14 #2 Wed Feb 2 02:23:05 PST 2000 i686 unknown
uid=0(root) gid=1(bin) groups=1(bin),2(daemon),3(sys)
12:48pm up 61 days, 9:05, 0 users, load average: 0.10, 0.03, 0.01
Red Hat Linux release 6.1 (Cartman)
Kernel 2.2.14 on an i686

This is an old machine, and I don't have access to any RH6.1 boxes to check
which version of SSHD they are running.

-- 
 Rodrigo Barbosa                   - rodrigob at bh.conectiva.com.br
 Conectiva S/A			   - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodiet?" - http://www.conectiva.com/