Full Disclosure mailing list archives
Re: Any update on SSH brute force attempts?
From: Jay Libove <libove-fulldisc () felines org>
Date: Sat, 16 Oct 2004 08:36:00 -0400 (EDT)
Hello to Colombia, Fabio! And Cc: to the list -

Personal aside (others read on below please),
Many years ago, my father used to travel there (and many other places in South and Central America) on business. My travels have been fairly wide, but have not yet taken me to your country. Some day!

It's a good idea to instrument SSHD to log cleartext passwords for failed login attempts. I don't have time to write the code myself, but if someone else has it, I'll consider using it for a while. Anyone?

Here is the list of non-existent users attempted:

  account adam admin alan backup cip51 cip52 cosmin cyrus data frank george
  guest henry horde iceuser irc jane john master matt mysql noc oracle pamela
  patrick rolo server sybase test user web webmaster www www-data wwwrun

And the few present users attempted:

  adm apache nobody operator root

-Jay

On Fri, 15 Oct 2004, Fabio wrote:

> Date: Fri, 15 Oct 2004 22:01:29 -0400
> From: Fabio <fabio () crearium com>
> To: Jay Libove <libove () felines org>
> Subject: Re: [Full-disclosure] Any update on SSH brute force attempts?
>
> Would you mind providing me the usernames that were tried? Have you ever modified your ssh daemon to log clear text passwords?
>
> Jay Libove wrote:
>
> > A month or three back, I engaged in some conversation with others here on full-disclosure about brute force login attempts several of us were seeing on our SSH servers. Brute force isn't really the right description, as each account is only tried a few times (root gets about 50). As we surmised before, this still looks like an attack looking for certain known ID/password combinations.
> >
> > Recently, a couple of times a week, I see repeats of this which now have as many as fifty different accounts being attacked. (Almost none of which exist on my server, and none of which will have common passwords thankyouverymuch).
> >
> > What are you doing/changing about your SSH configurations to reduce the possibility of these attacks finding any kind of hole in the OpenSSH software (that's what I run, so that's the only version I'm particularly concerned about)? Are you doing anything at all?
> >
> > Thanks
> > -Jay
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
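As an added example (not code from this thread or its participants), the tally Jay describes above, attempted accounts split into non-existent and present users, can be produced from sshd's own failure lines without touching passwords. The log lines are constructed, the function names are hypothetical, and the format is assumed to be OpenSSH's `Failed password for [invalid|illegal user ]NAME from ADDR port N ssh2`.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Oct 16 03:12:01 host sshd[2101]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
Oct 16 03:12:04 host sshd[2103]: Failed password for illegal user test from 192.0.2.10 port 40120 ssh2
Oct 16 03:12:07 host sshd[2105]: Failed password for root from 192.0.2.10 port 40131 ssh2
Oct 16 03:12:09 host sshd[2107]: Failed password for root from 192.0.2.10 port 40140 ssh2
Oct 16 03:12:10 host sshd[2108]: Failed password for invalid user x from 203.0.113.99 port 1 ssh2 from 192.0.2.10 port 40150 ssh2
Oct 16 03:12:12 host sshd[2109]: Failed password for invalid user test from 198.51.100.7 port 51514 ssh2
Oct 16 03:12:15 host sshd[2111]: Failed password for nobody from 198.51.100.7 port 51520 ssh2
Oct 16 03:13:00 host sshd[2120]: Accepted publickey for jay from 203.0.113.5 port 60000 ssh2
"""

# The username is supplied by the remote client and may contain spaces, so a
# name such as "x from 203.0.113.99 port 1 ssh2" could fake the source field.
# The greedy user group makes the LAST " from ADDR port N ssh2" the real one.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<src>\S+) port \d+ ssh2\s*$"
)

def summarize(log_text):
    """Return (non-existent users, present users, accounts tried per source)."""
    missing, present, sources = Counter(), Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # not a failed password attempt
        bucket = missing if m.group("unknown") else present
        bucket[m.group("user")] += 1
        sources.setdefault(m.group("src"), set()).add(m.group("user"))
    return missing, present, sources

def sweeping_sources(sources, min_accounts=3):
    """Sources that tried many different accounts (the pattern in this thread)."""
    return sorted(s for s, users in sources.items() if len(users) >= min_accounts)

if __name__ == "__main__":
    missing, present, sources = summarize(SAMPLE_LOG)
    print("non-existent users:", dict(missing))
    print("present users:", dict(present))
    print("sources sweeping accounts:", sweeping_sources(sources))
```

The `min_accounts` threshold is an assumption to tune per host; the thread describes as many as fifty accounts per sweep with only a few tries each.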