ssh attempts
- From: Emilio Casbas <ecasbas@xxxxxxx>
- Date: Wed, 04 Jan 2006 11:35:00 +0100
I´ve noticed that several Linux Machines I have running are getting scanned via ssh for
multiple accounts such as "guest webmaster mysql info shell apache test..." and many others,
the log show:
Jan 3 01:31:08 machine sshd2[22087]: WARNING: DNS lookup failed for "X.X.X.233".
Jan 3 01:31:10 machine sshd2[22087]: password authentication failed. Login to account webmaster not allowed or account non-existent.
Jan 3 01:31:13 machine sshd2[21757]: LoginGraceTime exceeded.
as well there are attempts to connect with root login, with the log message show as:
WARNING: DNS lookup failed for "X.X.X.233". Jan 3 01:17:53 machine sshd2[21651]: root login denied for user 'root'.
Obviously, We don´t have accounts with that name on our systems, and the root account
is disabled for ssh, but I would like to know which software can do this scan type, because
while it's running, the machine proccesses grow too much.
Thanks. Emilio C.
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
- Follow-Ups:
- Re: ssh attempts
- From: Leif Ericksen
- Re: ssh attempts
- Prev by Date: RE: Why can't Firefox and Thunderbird find their own updates?
- Next by Date: Re: Social Engineering
- Previous by thread: How can I deny VPN access based on Virus DAT
- Next by thread: Re: ssh attempts
- Index(es):
Relevant Pages
|
|
