Re: SSH attacks?
From: Robin (robin_at_kallisti.net.nz)
To: email@example.com
Date: Fri, 30 Jul 2004 12:58:10 +1200

On Friday 30 July 2004 05:22, Marcus Merrin wrote:
> I saw the same thing about a month ago, only the selection of usernames
> was much wider, including graceland, metro, elvis, matrix and many more

I have seen the same. I think (although haven't tried to verify) that these
are Nessus tests.

> including guest and test. It was traced to a host in Japan but I
> haven't heard back from them if any action was taken. Maybe the current

My last batch of Nessus scans, a few days ago, was from Taiwan. Apparently
action was taken (I got a reply saying that the report was being forwarded to
the institution security people) and the scans stopped.

> wave is a cut-down version of a more comprehensive tool? Attacks on my
> client's servers went on for about an hour at a time.

Just grepping through my logs, since Jul 21 I have been seeing the test and
guest ones. I have also seen one source that ran through: test, guest, admin,
admin, user, root, root, root, test.

Otherwise it's all been test and guest (or people making typos).

Robin <firstname.lastname@example.org> JabberID: <email@example.com>
Hostes alienigeni me abduxerunt. Qui annus est?
PGP Key 0x776DB663 = DD10 5C62 1E29 A385 9866 0853 CD38 E07A 776D B663
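
The log check described in the message above, as an added example that is not part of the original post: it groups failed sshd logins by source address and lists the usernames each source tried, in order. The log lines are constructed, the sshd message format ("illegal user" in older OpenSSH, "invalid user" in newer) is assumed, and the function names and the min_distinct threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sshd syslog lines (not from the thread); documentation-range IPs.
# Older OpenSSH logs "illegal user", newer logs "invalid user"; both are matched.
SAMPLE_LOG = """\
Jul 21 03:14:01 host sshd[4120]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Jul 21 03:14:04 host sshd[4122]: Failed password for illegal user guest from 192.0.2.10 port 40131 ssh2
Jul 24 11:02:10 host sshd[5301]: Failed password for illegal user test from 198.51.100.7 port 51200 ssh2
Jul 24 11:02:12 host sshd[5303]: Failed password for illegal user guest from 198.51.100.7 port 51214 ssh2
Jul 24 11:02:15 host sshd[5305]: Failed password for illegal user admin from 198.51.100.7 port 51230 ssh2
Jul 24 11:02:17 host sshd[5307]: Failed password for illegal user admin from 198.51.100.7 port 51244 ssh2
Jul 24 11:02:20 host sshd[5309]: Failed password for illegal user user from 198.51.100.7 port 51259 ssh2
Jul 24 11:02:22 host sshd[5311]: Failed password for root from 198.51.100.7 port 51270 ssh2
Jul 24 11:02:25 host sshd[5313]: Failed password for root from 198.51.100.7 port 51283 ssh2
Jul 24 11:02:27 host sshd[5315]: Failed password for root from 198.51.100.7 port 51297 ssh2
Jul 24 11:02:30 host sshd[5317]: Failed password for illegal user test from 198.51.100.7 port 51310 ssh2
Jul 25 09:40:55 host sshd[6010]: Failed password for illegal user robni from 203.0.113.5 port 33021 ssh2
Jul 25 09:41:03 host sshd[6012]: Accepted password for robin from 203.0.113.5 port 33025 ssh2
"""

# The "illegal/invalid user" prefix is absent when the account exists (e.g. root).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def usernames_by_source(log_text):
    """Map each source address to the usernames it tried, in log order."""
    tried = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            tried[m.group("src")].append(m.group("user"))
    return dict(tried)

def dictionary_sources(tried, min_distinct=3):
    """Sources that cycled through at least min_distinct different usernames."""
    return sorted(s for s, users in tried.items() if len(set(users)) >= min_distinct)

if __name__ == "__main__":
    tried = usernames_by_source(SAMPLE_LOG)
    for src, users in tried.items():
        print(f"{src:15} {len(users):3} attempts: {', '.join(users)}")
    print("multi-username sources:", dictionary_sources(tried))
```

With the default threshold, a source that only tries test and guest, or a single mistyped login, is listed in the per-source output but not reported as a multi-username source.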