Re: SSH connections
From: Jani Mikkonen (jani_at_mikkonen.org)
Date: 08/29/05
- In reply to: Greg Metcalfe: "Re: SSH connections"
Date: Mon, 29 Aug 2005 16:02:07 +0300
> Be advised that the nature of the attacks changes constantly. A couple of
> years ago I saw attacks limited to 3-4 standard Unixy accounts. Lately, I
> see what looks like a more evolved version of the same attacks--same Unixy
> accounts, but with the beginnings of a decent dictionary attack. I suspect
> it's an evolved version of the same tool because I see roughly the same
> distribution in attack sources. That's a very shaky assumption, but I've
> not had a need to chase it further.
The interesting part of these "evolving" scanners is that there seems to be
this scanner that probes the sshd with certain accounts. As I have
multiple hosts up and running, these scans happen pretty often, but only
once I've seen a little bit of creativity in those scans.
The scanner had obviously identified the country where my host resides
and set the account dictionary accordingly, and actually hit a few correct
accounts with that scan of his/hers.
99.9999% of the scans I get just use the same old, same old account list.
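
An added example, not part of the original post: one way to separate routine scans from the tailored-dictionary scan described above is to profile failed sshd logins per source and flag sources that hit several real accounts outside the usual list. The log lines, usernames, addresses, baseline list and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (documentation address ranges).
SAMPLE_LOG = """\
Aug 29 03:11:02 host sshd[2101]: Failed password for root from 198.51.100.7 port 40112 ssh2
Aug 29 03:11:05 host sshd[2103]: Failed password for invalid user test from 198.51.100.7 port 40120 ssh2
Aug 29 03:11:09 host sshd[2105]: Failed password for invalid user guest from 198.51.100.7 port 40131 ssh2
Aug 29 04:40:17 host sshd[2290]: Failed password for liisa from 203.0.113.44 port 51877 ssh2
Aug 29 04:40:21 host sshd[2292]: Failed password for illegal user pekka from 203.0.113.44 port 51890 ssh2
Aug 29 04:40:26 host sshd[2294]: Failed password for mikko from 203.0.113.44 port 51902 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Assumed baseline: the "same old" account list seen in routine scans (illustrative).
COMMON_ACCOUNTS = {"root", "admin", "test", "guest", "user", "oracle", "postgres"}

def profile_sources(log_text, common=COMMON_ACCOUNTS):
    """Per source: usernames tried, those outside the baseline, and real accounts hit."""
    tried = defaultdict(set)
    valid = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        tried[m["src"]].add(m["user"])
        if not m["invalid"]:  # sshd omits the "invalid/illegal user" marker for existing accounts
            valid[m["src"]].add(m["user"])
    return {
        src: {
            "tried": users,
            "novel": users - common,
            "valid_hits": valid[src] - common,
        }
        for src, users in tried.items()
    }

def tailored_sources(profiles, min_valid_hits=2):
    """Sources that hit several real, non-baseline accounts: likely a tailored dictionary."""
    return sorted(s for s, p in profiles.items() if len(p["valid_hits"]) >= min_valid_hits)

if __name__ == "__main__":
    for src in tailored_sources(profile_sources(SAMPLE_LOG)):
        print(src)
```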