Security Incidents mailing list archives
Re: More ssh attempts
From: Marco Slaviero <slaviero () ibi co za>
Date: Fri, 23 Nov 2001 11:17:53 +0200 (SAST)
'Twas Nov 22 when gabriel rosenkoetter wrote:
On Thu, Nov 22, 2001 at 11:24:43AM +0200, Marco Slaviero wrote:The user has restricted (sftp, and a change passwd script) access to the box. It does not seem to be the crc32 attack. The user logged on about 136 time in an hour, and disconnected almost immediately. Anyone seen this before?You've ruled out broken client software on the user's end, I trust? -- ~ g r @ eclipsed.net
It does not appear to be so. The user had successfully logged on. He had a session running for about 10 minutes, and the attempts were still coming in. Regards Marco Slaviero "Ruthless logic is the sign of a limited mind" -- Doc ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- MSLV.exe Rob Keown (Nov 21)
- <Possible follow-ups>
- RE: MSLV.exe Rob Keown (Nov 21)
- More ssh attempts Marco Slaviero (Nov 22)
- Re: More ssh attempts gabriel rosenkoetter (Nov 22)
- Re: More ssh attempts Homer Wilson Smith (Nov 22)
- Re: More ssh attempts Marco Slaviero (Nov 23)
- More ssh attempts Marco Slaviero (Nov 22)