Re: SSH attacks?

• Previous message: Herman Frederick Ebeling Jr.: "RE: SSH attacks?"
• Maybe in reply to: Robin: "SSH attacks?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: incidents@securityfocus.com
Date: Fri, 30 Jul 2004 12:58:10 +1200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 30 July 2004 05:22, Marcus Merrin wrote:
> I saw the same thing about a month ago, only the selection of usernames
> was much wider, including graceland, metro, elvis, matrix and many more
I have seen the same. I think (although haven't tried to verify) that these
are Nessus test.

> including guest and test. It was traced to a host in Japan but I
> haven't heard back from them if any action was taken. Maybe the current
My last batch of Nessus scans, a few days ago, was from Taiwan. Apparently
action was taken (I got a reply saying that the report was being forwarded to
the institution security people) and the scans stopped.

> wave is a cut-down version of a more comprehensive tool? Attacks on my
> client's servers went on for about an hour at a time.
Just grepping through my logs, since Jul 21 I have been seeing the test and
guest ones. I have also seen one source that ran through: test, guest, admin,
admin, user, root, root, root, test.

Otherwise it's all been test and guest (or people making typos).
- --
Robin <robin@kallisti.net.nz> JabberID: <eythian@jabber.org>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0x776DB663 = DD10 5C62 1E29 A385 9866 0853 CD38 E07A 776D B663
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBCZ0jzTjgendttmMRAq5bAJ9RNNj7uNWStdbju3l/QPHUfBCf6wCgqfNF
QRUyRtKLxqZ2P6tK0MBAWZg=
=ult7
-----END PGP SIGNATURE-----

• Previous message: Herman Frederick Ebeling Jr.: "RE: SSH attacks?"
• Maybe in reply to: Robin: "SSH attacks?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]