Security Incidents mailing list archives

Re: SSH attacks?

From: Thomas Hochstein <ml () ancalagon inka de>
Date: Fri, 30 Jul 2004 07:40:30 +0200

Jyri Hovila schrieb:

It seems that at least one host has been rooted somehow relating to the
scans we're seeing:

http://www.dslreports.com/forum/remark,10854834~mode=flat~days=9999~start=60


According to that thread, due to a weak passwort for the test-user.

I'm pretty sure there is a new SSH exploit around. At least this clearly
isn't a brute force attack.


All postings in the thread you are quoting - except your own ones ;) -
show no reason to suspect something like that.

-thh

Current thread:

Re: SSH attacks?, (continued)
- - - Re: SSH attacks? Jay D. Dyson (Jul 30)
    - Re: SSH attacks? Frank Knobbe (Jul 31)
    - Re: SSH attacks? mgotts (Jul 31)
    - Re: SSH attacks? Steve Schuster (Jul 29)
    - Re: SSH attacks? Merlijn Tishauser (Jul 30)
- Re: SSH attacks? Tom Laermans (Jul 27)
- Re: SSH attacks? buzz (Jul 27)
  - Re: SSH attacks? Jyri Hovila (Jul 29)
    - Re: SSH attacks? Chris Brenton (Jul 29)
    - Re: SSH attacks? Valdis . Kletnieks (Jul 30)
    - Re: SSH attacks? Thomas Hochstein (Jul 30)
    - Re: SSH attacks? Matt Beland (Jul 30)
  - Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Jason Falciola (Jul 27)
- Re: SSH attacks? Paul Schmehl (Jul 27)
- Re: SSH attacks? brandy (Jul 28)
  - Re: SSH attacks? Andrew J Caines (Jul 29)
    - Re: SSH attacks? Marcus Merrin (Jul 29)
    - Re: SSH attacks? Robin (Jul 30)
    - RE: SSH attacks? Herman Frederick Ebeling Jr. (Jul 30)
    - Re: SSH attacks? Brian C. Lane (Jul 30)

(Thread continues...)