Firewall Wizards mailing list archives
SSH brute force attack
From: "Toderick, Lee W" <TODERICKL () MAIL ECU EDU>
Date: Fri, 24 Jun 2005 13:17:17 -0400
Greetings!

Our computers running SSH daemons have logged attacks. The attacks begin with a scan logged "Did not receive identification string from x.x.x.x", followed approximately 15 minutes later with "Illegal user " or " Failed password for root".

Does anyone have information or documentation about this scan/attack?

Following is a list of Illegal users:

# cat secure.4 | grep "193.24.213.216" | cut -d " " -f6-12 | grep "Illegal" | cut -d " " -f 3
sun0s
reboot
reboot
flood
irc
key
david
htpd
httpd
jared42
cchen
admin
admin
admin
admin
test
test
test
test
test
test
test
admin
akcesbenefit
b3
njproghouse
schaiderhair
perseus
guardit
phpbb
bejgli
forums
temp
eric
staff
bb
maggie
rock
sandra
kim
recruit
alina
dana
bloodclansb
jeff

Thanks,
Lee Toderick
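The sequence described in the message above (an identification-string probe, then username and password guesses from the same address) can be correlated per source from the sshd log. This is an added example, not part of the original post; the log lines are constructed in classic syslog/sshd format, and the `correlate` function and its 30-minute window are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the post); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = """\
Jun 24 03:10:02 host1 sshd[2101]: Did not receive identification string from 192.0.2.10
Jun 24 03:25:40 host1 sshd[2130]: Illegal user sun0s from 192.0.2.10
Jun 24 03:25:43 host1 sshd[2130]: Failed password for illegal user sun0s from 192.0.2.10 port 40112 ssh2
Jun 24 03:25:47 host1 sshd[2133]: Illegal user reboot from 192.0.2.10
Jun 24 03:25:52 host1 sshd[2136]: Failed password for root from 192.0.2.10 port 40120 ssh2
Jun 24 04:02:11 host1 sshd[2200]: Failed password for root from 192.0.2.77 port 51515 ssh2
Jun 24 05:00:00 host1 sshd[2300]: Did not receive identification string from 192.0.2.99
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")
SCAN = re.compile(r"^Did not receive identification string from (\S+)$")
GUESS = re.compile(r"^(Illegal user|Failed password for(?: illegal user)?) (\S+) from (\S+)")

def correlate(log_text, year=2005, window=timedelta(minutes=30)):
    """Map source IP -> probe time, delay to first guess, usernames tried, failed passwords."""
    scans, report = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        scan = SCAN.match(m.group(2))
        if scan:
            scans.setdefault(scan.group(1), ts)  # keep the earliest probe per source
            continue
        guess = GUESS.match(m.group(2))
        if not guess:
            continue
        kind, user, ip = guess.groups()
        entry = report.get(ip)
        if entry is None:
            probe = scans.get(ip)
            if probe is None or not timedelta(0) <= ts - probe <= window:
                continue  # guess with no preceding probe inside the window
            entry = report[ip] = {"scan": probe, "delay": ts - probe, "users": [], "failed": 0}
        if user not in entry["users"]:
            entry["users"].append(user)  # "Illegal user" and "Failed password" name the same account
        entry["failed"] += kind.startswith("Failed")
    return report

if __name__ == "__main__":
    for ip, e in correlate(SAMPLE_LOG).items():
        print(ip, "probe", e["scan"], "first guess after", e["delay"], e["users"], e["failed"])
```

Sources that only probe, or only guess without a preceding probe, are left out of the result, so the output lists just the addresses that show the two-stage pattern.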
Current thread:
- SSH brute force attack Toderick, Lee W (Jun 30)