Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Automated ssh scanning

From: andreas () inferno nadir org
Date: Thu, 26 Aug 2004 10:47:51 +0200
Hi, 

do you have an image you can share with us?
did you setup key logging?
if not, setup your honeypot again with better control about, what 
the intruder is doing.

regards,

andreas


On Thursday 26 August 2004 09:14, Richard Verwayen wrote:

On Thu, 2004-08-26 at 03:11, David Vincent wrote:

Hello list!

A few weeks ago there was a discussion about automated ssh scanning with
user/password combinations like guest/guest or admin/admin.
I set up a debian woody fully patched with both accounts activated, and
got rooted some days later...

The attackers installed some software and irc-bots and tried to use this
host for testing other computers, thats not the point. I would like to
know where's the weak point in the system? As the system was updates on
a daily base! The only known weakness were these two accounts!


you didn't set up admin/admin as root did you?

just asking.

-d


Hello David,

no I created only unprivileged user accounts! And the root password is
not considered to be weak!

Richard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: