Security Incidents mailing list archives
ssh scans using username 'test' or 'oracle'?
From: Matt Zimmerman <mdz () csh rit edu>
Date: Thu, 2 May 2002 11:14:01 -0400
I have seen this twice now on two geographically, topologically and administratively different systems. The probe was slightly different, but close enough to attract my attention. May 1 14:08:15 box1 sshd[11762]: Failed none for illegal user test from 211.4.205.72 port 46827 ssh2 May 1 14:08:15 box1 sshd[11763]: Failed none for illegal user oracle from 211.4.205.72 port 46828 ssh2 May 1 23:04:37 box2 sshd[27428]: Failed password for illegal user test from 202.8.228.198 port 4338 Has anyone else seen probes of this sort recently? -- - mdz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ssh scans using username 'test' or 'oracle'? Matt Zimmerman (May 02)
- Re: ssh scans using username 'test' or 'oracle'? Will Aoki (May 02)
- Re: ssh scans using username 'test' or 'oracle'? Matt Zimmerman (May 02)
- Re: ssh scans using username 'test' or 'oracle'? Will Aoki (May 02)