Security Basics mailing list archives
Re: SSH Scans
From: Ayaz Ahmed Khan <ayaz () pakcon org>
Date: Sun, 19 Mar 2006 14:41:27 +0500 (PKT)
Michel Pereira typed:
After of seeing a lot of ssh scans on my firewalls and home PC, I made a script that filters out the "Invalid User" entry inside /var/log/messages and do some cleaning process, the result is a dictionary (homebrew) of users that tried to login into my hosts. Into the dictionary I saw english and Brazilian Portuguese words, maybe we have Brazilian hackers running scan bots too. This work is only for experiment and curiosity to see what is happening with Internet today, you can get the script and dictionary in http://www.michel.eti.br/2006/03/ssh-scans.html If you have a better idea of sugestion, please mail me: "michel () michel eti br"
You will see a lot of similar entries in log file(s) if you run SSH on the standard port. In order to get around to having a clogged log file, I altered SSHd to run on a non-standard port on the public box I admin. It is not a *foolproof* solution, but it has worked for me so far. -- Ayaz Ahmed Khan Then, gently touching my face, she hesitated for a moment as her incredible eyes poured forth into mine love, joy, pain, tragedy, acceptance, and peace. "'Bye for now," she said warmly. -- Thea Alexander, "2150 A.D." --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- SSH Scans Michel Pereira (Mar 17)
- Re: SSH Scans Rodrigo Fernandez (Mar 20)
- Re: SSH Scans Ayaz Ahmed Khan (Mar 20)
- <Possible follow-ups>
- RE: SSH Scans Bergert, David (Mar 20)