Security Incidents mailing list archives
Re: SSH scans...
From: Ben Nelson <lists () venom600 org>
Date: Mon, 20 Dec 2004 14:48:11 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Raymond Lillard wrote: | | PS I'm curious, has anybody heard of these scans | compromising a machine, ever? Yes. A colleague of mine had a machine with SSH open to the world. A user account called 'test' with a password of 'test' was used in one of these scans to gain access (I have no idea why he had an account like that on the server in the first place... :0/). When the scan occured, whatever bot was being used to scan just noted the availability of the account. The account was then used several days later for an interactive login with what looked like a live person, who installed an IRC server and an FTP server (on non-privileged ports). - --Ben -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBx0ib3cL8qXKvzcwRAqMBAJ4lIG8uZ3WoDbUk1r6qJY1XereCzACg38JU I9ZkbRR5xBlVIlCpFTtmom8= =v9Xn -----END PGP SIGNATURE-----
Current thread:
- RE: SSH scans... another possible solution, (continued)
- RE: SSH scans... another possible solution Ron Moore (Dec 20)
- Re: SSH scans... Dejan Markovic (Dec 20)
- Re: SSH scans... Barrie Dempster (Dec 20)
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: SSH scans... Keith Morgan (Dec 20)
- Re: SSH scans... Gerry Dalton (Dec 20)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... skippy1 (Dec 21)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... Raymond Lillard (Dec 20)
- Re: SSH scans... Ben Nelson (Dec 20)
- Re: SSH scans... Steve Kemp (Dec 20)
- RE: SSH scans... KEM Hosting (Dec 21)
- Re: SSH scans... Michael H. Warfield (Dec 21)
- Re: SSH scans... nixsec (Dec 22)
- Re: SSH scans... Dejan Markovic (Dec 22)
- re: SSH scans... brian () ethernet org (Dec 21)
- re: SSH scans... Kerry Thompson (Dec 22)