Security Incidents mailing list archives
RE: Anyone else seeing SSH scans?
From: "Ian Hayes" <Ian.Hayes () dpsi-inc com>
Date: Wed, 28 Jul 2004 22:00:26 -0500
-----Original Message----- From: Andrew Kopp ( Tor ZEW ) [mailto:andrew.kopp () kuehne-nagel com] Sent: Wed 7/28/2004 7:33 AM To: Matthew Dharm; incidents () securityfocus com Cc: Subject: RE: Anyone else seeing SSH scans? >I have seen an significant increase of scans on our ssh ports... >But none of them seem to be related to any on this list. The attacker is >trying different accounts such as root or admin. They seem to try two >passwords with the admin account and three passwords with the root account. >If they are unable to obtain access they move on to the next host. It seems >to be scripted as each host has the same log except for the timestamp.) Just got my cable modem activated yesterday. Looks like I joined in just in time: messages:Jul 28 05:59:32 sixshooter sshd[7339]: Failed password for illegal user test from 220.68.91.206 port 48987 ssh2 messages:Jul 28 05:59:34 sixshooter sshd[7341]: Failed password for illegal user guest from 220.68.91.206 port 49009 ssh2 From the timestamp, I guess it's just someone playing around with a script. Looks like he's scanning a bunch of hosts at once if his system is opening up source ports sequentially. Actually, I'm offended. They didn't even try root.
Current thread:
- Anyone else seeing SSH scans? Matthew Dharm (Jul 27)
- Re: Anyone else seeing SSH scans? Charles Heselton (Jul 28)
- Re: Anyone else seeing SSH scans? Ed J. Aivazian (Jul 28)
- Re: Anyone else seeing SSH scans? Seth J. Blank (Jul 28)
- Re: Anyone else seeing SSH scans? Jon Lewis (Jul 29)
- <Possible follow-ups>
- Re: Anyone else seeing SSH scans? sk (Jul 28)
- Re: Anyone else seeing SSH scans? Hossein Rafighi (Jul 29)
- RE: Anyone else seeing SSH scans? Andrew Kopp ( Tor ZEW ) (Jul 28)
- RE: Anyone else seeing SSH scans? R Michael Williams (Jul 29)
- RE: Anyone else seeing SSH scans? Ian Hayes (Jul 29)
- RE: Anyone else seeing SSH scans? GUSAIN, SUBODH (Jul 29)