Re: SSH scans...
From: Ben Nelson (lists_at_venom600.org)
Date: 12/20/04
- Previous message: Tim Kennedy: "Re: [incidents] SSH scans..."
- In reply to: Raymond Lillard: "Re: SSH scans..."
- Next in thread: Steve Kemp: "Re: SSH scans..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 20 Dec 2004 14:48:11 -0700 To: Raymond Lillard <rlillard@sonic.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Raymond Lillard wrote:
|
| PS I'm curious, has anybody heard of these scans
| compromising a machine, ever?
Yes. A colleague of mine had a machine with SSH open to the world. A
user account called 'test' with a password of 'test' was used in one of
these scans to gain access (I have no idea why he had an account like
that on the server in the first place... :0/). When the scan occured,
whatever bot was being used to scan just noted the availability of the
account. The account was then used several days later for an
interactive login with what looked like a live person, who installed an
IRC server and an FTP server (on non-privileged ports).
- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFBx0ib3cL8qXKvzcwRAqMBAJ4lIG8uZ3WoDbUk1r6qJY1XereCzACg38JU
I9ZkbRR5xBlVIlCpFTtmom8=
=v9Xn
-----END PGP SIGNATURE-----
- Previous message: Tim Kennedy: "Re: [incidents] SSH scans..."
- In reply to: Raymond Lillard: "Re: SSH scans..."
- Next in thread: Steve Kemp: "Re: SSH scans..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
