Re: SSH attacks?

[Robin <robin () kallisti net nz>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 30 July 2004 05:22, Marcus Merrin wrote:
> I saw the same thing about a month ago, only the selection of usernames
> was much wider, including  graceland, metro, elvis, matrix and many more
I have seen the same. I think (although haven't tried to verify) that these 
are Nessus test.

> including guest and test.  It was traced to a host in Japan but I
> haven't heard back from them if any action was taken.  Maybe the current
My last batch of Nessus scans, a few days ago, was from Taiwan. Apparently 
action was taken (I got a reply saying that the report was being forwarded to 
the institution security people) and the scans stopped.

> wave is a cut-down version of a more comprehensive tool? Attacks on  my
> client's servers  went on for about an hour at a time.
Just grepping through my logs, since Jul 21 I have been seeing the test and 
guest ones. I have also seen one source that ran through: test, guest, admin, 
admin, user, root, root, root, test.

Otherwise it's all been test and guest (or people making typos).
- -- 
Robin <robin () kallisti net nz>             JabberID: <eythian () jabber org>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0x776DB663 = DD10 5C62 1E29 A385 9866 0853 CD38 E07A 776D B663
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBCZ0jzTjgendttmMRAq5bAJ9RNNj7uNWStdbju3l/QPHUfBCf6wCgqfNF
QRUyRtKLxqZ2P6tK0MBAWZg=
=ult7
-----END PGP SIGNATURE-----