Security Incidents mailing list archives
Re: SSH attacks?
From: Merlijn Tishauser <merlijn () begeleidingentraining nl>
Date: Thu, 29 Jul 2004 18:05:19 +0200
<oeps, my repy was to original sender only> On 28-jul-04, at 10:19, Christine Kronberg wrote:
Has anyone tried to capture that with an honeypot? I'm considering that for my own but lack the proper enviroment.
Hi Located in Holland I see exactly the same...Apart from the usual SK toolkits with a lot of account-names, I also see the test/guest accounts coming by.
The ipaddresses are too random and the scan happens to often for SK work me thinks.
Looks like a worm or root-kit. What surprises me is that they don't try a password. They just knock at the door and say hello with their username. So I think it's certainly a version-check.But I agree with the above...This calls for a honeypot...I hope someone has the time and motivation to set one up...
For sofar I know this thing hasn't got a name yet... I don't like things without a name Cheers Merlijn
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Adam Young (Jul 27)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Pieter-Bas IJdens (Jul 29)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Pieter-Bas IJdens (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 30)
- Re: SSH attacks? Jay D. Dyson (Jul 30)
- Re: SSH attacks? Frank Knobbe (Jul 31)
- Re: SSH attacks? mgotts (Jul 31)
- Re: SSH attacks? Christine Kronberg (Jul 29)
- Re: SSH attacks? Adam Young (Jul 27)
- Re: SSH attacks? Steve Schuster (Jul 29)
- Re: SSH attacks? Merlijn Tishauser (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Chris Brenton (Jul 29)
- Re: SSH attacks? Valdis . Kletnieks (Jul 30)
- Re: SSH attacks? Thomas Hochstein (Jul 30)
- Re: SSH attacks? Matt Beland (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)