Re: SSH attacks?

From: Andrew J Caines (A.J.Caines_at_halplant.com)
Date: 07/29/04

Next message: Hossein Rafighi: "Re: Anyone else seeing SSH scans?"

Previous message: Christine Kronberg: "Re: SSH attacks?"
In reply to: brandy: "Re: SSH attacks?"
Next in thread: Herman Frederick Ebeling Jr.: "RE: SSH attacks?"
Reply: Herman Frederick Ebeling Jr.: "RE: SSH attacks?"
Reply: Brian C. Lane: "Re: SSH attacks?"
Reply: Marcus Merrin: "Re: SSH attacks?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Jul 2004 20:22:24 -0400
To: incidents@securityfocus.com

FWIW, here's what I've seen on my single IP cable connection:

Jul 17 04:54:46 test 129.194.21.5
Jul 17 04:54:47 guest 129.194.21.5
Jul 22 04:38:49 test 61.237.13.234
Jul 22 04:38:52 guest 61.237.13.234
Jul 23 10:55:46 test 61.109.156.5
Jul 23 10:55:49 guest 61.109.156.5
Jul 24 19:40:48 test 202.6.75.195
Jul 24 19:40:50 guest 202.6.75.195
Jul 24 20:24:31 test 69.0.134.72
Jul 24 20:24:31 guest 69.0.134.72
Jul 24 20:24:32 admin 69.0.134.72
Jul 24 20:24:33 admin 69.0.134.72
Jul 24 20:24:34 user 69.0.134.72
Jul 24 20:24:37 test 69.0.134.72
Jul 25 02:51:10 test 211.202.3.148
Jul 25 02:51:12 guest 211.202.3.148
Jul 25 16:30:34 test 219.234.216.150
Jul 25 16:30:37 guest 219.234.216.150
Jul 27 16:12:08 test 210.92.210.67
Jul 27 16:12:10 guest 210.92.210.67
Jul 28 11:52:43 test 65.61.98.16
Jul 28 11:52:45 guest 65.61.98.16

The timing and distribution of userids indicates to me that this is more
than a simple probe for vulnerable SSH servers.

> Reality must take precedence over public relations, for Mother Nature
> cannot be fooled. -- R.P. Feynman

"Physics is like sex: sure, it may give some practical results, but
thats not why we do it." - Feynman

-Andrew-

-- 
 _______________________________________________________________________
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@halplant.com  |
| "They that can give up essential liberty to obtain a little temporary |
|  safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |

Next message: Hossein Rafighi: "Re: Anyone else seeing SSH scans?"

Previous message: Christine Kronberg: "Re: SSH attacks?"
In reply to: brandy: "Re: SSH attacks?"
Next in thread: Herman Frederick Ebeling Jr.: "RE: SSH attacks?"
Reply: Herman Frederick Ebeling Jr.: "RE: SSH attacks?"
Reply: Brian C. Lane: "Re: SSH attacks?"
Reply: Marcus Merrin: "Re: SSH attacks?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Samba - trouble with simple smb.conf
... dsl is admin ... and there is a guest account and a sambapassword for each: ... on the linux box for each of the Samba users? ... Error connecting to 192.168.0.8 (Connection refused) ...
(Debian-User)
Re: Office 2003 Setup
... | User1 (Admin) to have access to Outlook and Word ... | Guest to have access to Outlook ... | as Guest or a user who doesn't have Admin rights. ...
(microsoft.public.windowsxp.security_admin)
Re: Lost opening log on screen
... in XP Home you can login as built-in Administrator only in Safe Mode. ... now that my Admin and Guest icons are back at each startup ...
(microsoft.public.windowsxp.basics)
Re: Removeing a user icon from the graphical welcome screen
... How is it done for the Admin & Guest users? ... I've downloaded power toys for WinXP from MS site. ... selective users display on the welcome screen, but the user in question is ...
(microsoft.public.windowsxp.security_admin)
Re: Lost opening log on screen
... Ramesh - Microsoft MVP ... now that my Admin and Guest icons are back at each startup ...
(microsoft.public.windowsxp.basics)