Security Incidents mailing list archives
Re: SSH attacks?
From: Jason Falciola <falciola () us ibm com>
Date: Tue, 27 Jul 2004 14:24:46 -0400
Robin <robin () kallisti net nz> wrote on 07/26/2004 06:59:07 PM: ] Looking a bit closer (and in other log files), I see it's people ] trying random ] accounts. The big ones are going over a large list, the pairs seem to be just ] hitting test and guest: ] Jul 26 23:05:59 kallisti sshd[12314]: Illegal user test ] from ::ffff:64.246.56.44 ] Jul 26 23:05:59 kallisti sshd[12314]: Failed password for illegal user test ] from ::ffff:64.246.56.44 port 41920 ssh2 ] Jul 26 23:06:01 kallisti sshd[12320]: Illegal user guest ] from ::ffff:64.246.56.44 ] Jul 26 23:06:01 kallisti sshd[12320]: Failed password for illegal user guest ] from ::ffff:64.246.56.44 port 41967 ssh2 ] ] Does anyone know why this would appear all of a sudden? Others have noticed this activity recently, although the exact cause (manual, automated, etc) has not been publicly identified yet. <http://www.dslreports.com/forum/remark,10854834~mode=flat~days=9999> <http://www.incidents.org/diary.php?date=2004-07-23> <http://www.incidents.org/diary.php?date=2004-07-25> One post indicated that a box which accepted the 'test' login was subsequently rooted, with the Suckit rootkit being installed. This may or may not be significant. <http://www.dslreports.com/forum/remark,10854834~mode=flat~days=9999~start=60> Jason Falciola Security Intelligence Analyst IBM Managed Security Services falciola () us ibm com
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Steve Schuster (Jul 29)
- Re: SSH attacks? Merlijn Tishauser (Jul 30)
- Re: SSH attacks? Tom Laermans (Jul 27)
- Re: SSH attacks? buzz (Jul 27)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Chris Brenton (Jul 29)
- Re: SSH attacks? Valdis . Kletnieks (Jul 30)
- Re: SSH attacks? Thomas Hochstein (Jul 30)
- Re: SSH attacks? Matt Beland (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Jason Falciola (Jul 27)
- Re: SSH attacks? Paul Schmehl (Jul 27)
- Re: SSH attacks? brandy (Jul 28)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Marcus Merrin (Jul 29)
- Re: SSH attacks? Robin (Jul 30)
- RE: SSH attacks? Herman Frederick Ebeling Jr. (Jul 30)
- Re: SSH attacks? Brian C. Lane (Jul 30)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Mike Whitley (Jul 29)
- Re: SSH attacks? David Block (Jul 29)
- Re: SSH attacks? Bulgaro (Jul 29)