Firewall Wizards mailing list archives

Re: Increase in SSH Probing

From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 22 Oct 2004 14:31:48 -0400 (EDT)

On Wed, 20 Oct 2004, Mathew Want wrote:

Hi,

I was wondering if anyone else had noticed a large increase in scans and
crack attempts against SSH. I found a reference to
http://www.k-otik.com/exploits/08202004.brutessh2.c.php which would
explain the pattern of usernames I had seen originally (i.e. test, guest and
root).


Yep, it's up.  I haven't seen anyone with a good capture of the
client-side code though.  If you can track one back to a source who's
willing to allow some poking, or provide the hostile code, I'm interested,
especially in the more aggressive version.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Increase in SSH Probing Mathew Want (Oct 22)
- Re: Increase in SSH Probing Paul D. Robertson (Oct 22)
- Re: Increase in SSH Probing Christine Kronberg (Oct 25)