Re: SSH bruteforce on its way...
From: Javier Fernandez-Sanguino (jfernandez_at_germinus.com)
Date: 10/26/05
- Previous message: Russell Fulton: "Re: SSH bruteforce on its way..."
- In reply to: Michael.Lang_at_jackal-net.at: "Re: SSH bruteforce on its way..."
- Next in thread: Volker Tanger: "Re: SSH bruteforce on its way..."
- Reply: Volker Tanger: "Re: SSH bruteforce on its way..."
- Reply: David Gillett: "SNMP worm?"
- Reply: Christine Kronberg: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 26 Oct 2005 12:17:04 +0200 To: Michael.Lang@jackal-net.at
Michael.Lang@jackal-net.at wrote:
> Hi Volker,
>
> ive started a honey Machine for your answer on, what are they doing with captured machines ...
I would also be interesting to list what _accounts_ they probe for. I
have a list of users/passwords recovered from some compromised systems
and I'm working on a trojaned version of OpenSSH that would log that
info regardless of authentication method. There are some patches to
add backdoors to OpenSSH (at
http://packetstorm.linuxsecurity.com/UNIX/patches/ for example) that
you can use to log those. Just remove the password backdoor from those
and you have a good user/password logger.
Regards
Javier
- Previous message: Russell Fulton: "Re: SSH bruteforce on its way..."
- In reply to: Michael.Lang_at_jackal-net.at: "Re: SSH bruteforce on its way..."
- Next in thread: Volker Tanger: "Re: SSH bruteforce on its way..."
- Reply: Volker Tanger: "Re: SSH bruteforce on its way..."
- Reply: David Gillett: "SNMP worm?"
- Reply: Christine Kronberg: "Re: SSH bruteforce on its way..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
