Security Incidents mailing list archives
Re: SSH scans...
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 20 Dec 2004 16:23:02 +0000
On Mon, 2004-12-20 at 10:21 -0500, Dejan Markovic wrote:
need to ask if others have the same entries in their logs
<snip> Yep ongoing SSH scanning using multiple SSH bruteforce type tools, this has been discussed extensively on most of the infosec mailing lists. ATM If you aren't seeing SSH bruteforce attempts in your logs then your SSH server is down :-P Google the user/pass combinations for more information eg.. http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=frank+george+password+ssh With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- SSH scans... Dejan Markovic (Dec 20)
- Re: SSH scans... Harald Nesland (Dec 20)
- RE: SSH scans... another possible solution Ron Moore (Dec 20)
- Re: SSH scans... Dejan Markovic (Dec 20)
- Re: SSH scans... Barrie Dempster (Dec 20)
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: SSH scans... Harald Nesland (Dec 20)
- Re: SSH scans... Keith Morgan (Dec 20)
- Re: SSH scans... Gerry Dalton (Dec 20)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... skippy1 (Dec 21)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... Raymond Lillard (Dec 20)
- Re: SSH scans... Ben Nelson (Dec 20)
- Re: SSH scans... Steve Kemp (Dec 20)
- RE: SSH scans... KEM Hosting (Dec 21)