Security Incidents mailing list archives
Re: Anyone else seeing SSH scans?
From: Charles Heselton <charles.heselton () gmail com>
Date: Wed, 28 Jul 2004 00:20:26 -0700
On Tue, 27 Jul 2004 10:00:24 -0700, Matthew Dharm <mdharm () one-eyed-alien net> wrote:
I've noticed that several *NIX machines I have running (all of which are located in the same IP block) are periodically getting scanned via ssh for the accounts 'test' and 'guest'. The source IP varies with each scan. But I'm getting about one of these a day now. Obviously, I don't have accounts with that name on my systems, but still.... Is this something new, or just people looking for badly configured machines? Matt -- Matthew Dharm Home: mdharm () one-eyed-alien net Senior Software Designer, Momentum Computer P: Nine more messages in admin.policy. M: I know, I'm typing as fast as I can! -- Pitr and Mike User Friendly, 11/27/97
Most likely the latter. I haven't heard of any new SSH exploits since the last batch. As long as you're up to date, I would suspect that you're fine. -- Charlie Heselton Network Security Engineer
Current thread:
- Anyone else seeing SSH scans? Matthew Dharm (Jul 27)
- Re: Anyone else seeing SSH scans? Charles Heselton (Jul 28)
- Re: Anyone else seeing SSH scans? Ed J. Aivazian (Jul 28)
- Re: Anyone else seeing SSH scans? Seth J. Blank (Jul 28)
- Re: Anyone else seeing SSH scans? Jon Lewis (Jul 29)
- <Possible follow-ups>
- Re: Anyone else seeing SSH scans? sk (Jul 28)
- Re: Anyone else seeing SSH scans? Hossein Rafighi (Jul 29)
- RE: Anyone else seeing SSH scans? Andrew Kopp ( Tor ZEW ) (Jul 28)
- RE: Anyone else seeing SSH scans? R Michael Williams (Jul 29)
- RE: Anyone else seeing SSH scans? Ian Hayes (Jul 29)
- RE: Anyone else seeing SSH scans? GUSAIN, SUBODH (Jul 29)