Re: SSH bruteforce on its way...
Michael.Lang_at_jackal-net.at
Date: 10/25/05
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: SSH bruteforce on its way..."
- Maybe in reply to: Volker Tanger: "SSH bruteforce on its way..."
- Next in thread: Javier Fernandez-Sanguino: "Re: SSH bruteforce on its way..."
- Reply: Javier Fernandez-Sanguino: "Re: SSH bruteforce on its way..."
- Reply: Lionel Ferette: "Re: SSH bruteforce on its way..."
- Reply: Bryan Hatter: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Oct 2005 07:29:26 -0000 To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is) Hi Volker,
ive started a honey Machine for your answer on, what are they doing with captured machines ...
just after some hours the Machine was up the first attempts where made, probing for useable machines, only one attempt was a *human* login with interaction. I've used sudosh for logging the bash session and first assumption is that the person which was using the shell didnt know to much about Unix as log cleaning was made with scripts downloaded from geocities and the bash_history was forgotten.
I've put the session data on a website (http://www.jackal-net.at/tiki-read_article.php?articleId=20) where you can see what i've setup and what the guys where doing. (currently only one session is online but i'm sure, others will follow :) ... )
Kind regards
Michael Lang
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: SSH bruteforce on its way..."
- Maybe in reply to: Volker Tanger: "SSH bruteforce on its way..."
- Next in thread: Javier Fernandez-Sanguino: "Re: SSH bruteforce on its way..."
- Reply: Javier Fernandez-Sanguino: "Re: SSH bruteforce on its way..."
- Reply: Lionel Ferette: "Re: SSH bruteforce on its way..."
- Reply: Bryan Hatter: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
