Re: SSH attacks?

From: Robin (robin_at_kallisti.net.nz)
Date: 07/30/04

    To: incidents@securityfocus.com
    Date: Fri, 30 Jul 2004 12:58:10 +1200
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Friday 30 July 2004 05:22, Marcus Merrin wrote:
    > I saw the same thing about a month ago, only the selection of usernames
    > was much wider, including graceland, metro, elvis, matrix and many more
    I have seen the same. I think (although haven't tried to verify) that these
    are Nessus tests.

    > including guest and test. It was traced to a host in Japan but I
    > haven't heard back from them if any action was taken. Maybe the current
    My last batch of Nessus scans, a few days ago, was from Taiwan. Apparently
    action was taken (I got a reply saying that the report was being forwarded to
    the institution security people) and the scans stopped.

    > wave is a cut-down version of a more comprehensive tool? Attacks on my
    > client's servers went on for about an hour at a time.
    Just grepping through my logs, since Jul 21 I have been seeing the test and
    guest ones. I have also seen one source that ran through: test, guest, admin,
    admin, user, root, root, root, test.

    Otherwise it's all been test and guest (or people making typos).
    - --
    Robin <robin@kallisti.net.nz> JabberID: <eythian@jabber.org>

    Hostes alienigeni me abduxerunt. Qui annus est?

    PGP Key 0x776DB663 = DD10 5C62 1E29 A385 9866 0853 CD38 E07A 776D B663
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFBCZ0jzTjgendttmMRAq5bAJ9RNNj7uNWStdbju3l/QPHUfBCf6wCgqfNF
    QRUyRtKLxqZ2P6tK0MBAWZg=
    =ult7
    -----END PGP SIGNATURE-----
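
The log review described in the message above, as an added example that is not part of the original post: it groups failed SSH password attempts by source address, keeps the order in which usernames were tried, and separates scripted runs from one-off typos. The syslog line format (OpenSSH "Failed password for [illegal|invalid user] NAME from ADDR port N"), the watchlist, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re

# Matches OpenSSH failed-password lines, with or without the
# "invalid user" / "illegal user" marker logged for unknown accounts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Usernames the thread reports being tried (assumed watchlist).
WATCHLIST = {"test", "guest", "admin", "user", "root"}

# Constructed sample log lines using documentation addresses, not real data.
SAMPLE_LOG = """\
Jul 29 03:11:02 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40001 ssh2
Jul 29 03:11:05 host sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40002 ssh2
Jul 29 04:20:01 host sshd[2201]: Failed password for illegal user test from 198.51.100.7 port 40101 ssh2
Jul 29 04:20:03 host sshd[2203]: Failed password for illegal user guest from 198.51.100.7 port 40102 ssh2
Jul 29 04:20:05 host sshd[2205]: Failed password for illegal user admin from 198.51.100.7 port 40103 ssh2
Jul 29 04:20:07 host sshd[2207]: Failed password for illegal user admin from 198.51.100.7 port 40104 ssh2
Jul 29 04:20:09 host sshd[2209]: Failed password for illegal user user from 198.51.100.7 port 40105 ssh2
Jul 29 04:20:11 host sshd[2211]: Failed password for root from 198.51.100.7 port 40106 ssh2
Jul 29 04:20:13 host sshd[2213]: Failed password for root from 198.51.100.7 port 40107 ssh2
Jul 29 04:20:15 host sshd[2215]: Failed password for root from 198.51.100.7 port 40108 ssh2
Jul 29 04:20:17 host sshd[2217]: Failed password for illegal user test from 198.51.100.7 port 40109 ssh2
Jul 29 09:02:44 host sshd[2301]: Failed password for illegal user robni from 203.0.113.5 port 51000 ssh2
Jul 29 09:02:51 host sshd[2303]: Accepted password for robin from 203.0.113.5 port 51002 ssh2
"""

def attempts_by_source(lines):
    """Return {source: [usernames in the order they were tried]}."""
    seen = {}
    for line in lines:
        m = FAILED.search(line)
        if m:
            seen.setdefault(m.group("src"), []).append(m.group("user"))
    return seen

def likely_scanners(seen, min_distinct=2):
    """Sources that tried at least min_distinct different watchlist names."""
    return sorted(
        src for src, users in seen.items()
        if len(set(users) & WATCHLIST) >= min_distinct
    )

if __name__ == "__main__":
    seen = attempts_by_source(SAMPLE_LOG.splitlines())
    for src in likely_scanners(seen):
        print(src, ", ".join(seen[src]))
```

A single failure for a name outside the watchlist, such as the mistyped login in the sample, is recorded but not flagged.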

