Security Incidents mailing list archives
FW: [Intrusions] Linux SSH scanning - test/guest
From: "M Shirk" <shirkdog_linux () hotmail com>
Date: Fri, 30 Jul 2004 07:22:45 -0400
This is from the ISC's mailling and is relevant here: Subject: [Intrusions] Linux SSH scanning - test/guest Importance: Low FYI We got zapped by some hackers from, I think, Romania that have a priv escalation exploit for Linux 2.4.20 http://sirzion.illusivecreations.com/loginxy There is also a multithreaded SSH bruteforcer called "haita" This attempts to login to machines using the accounts "test" and "guest", with passwords "test" & "guest" respectively. It runs from a file of addresses found by a synscan program. It identifies itself as SSH-2.0-libssh-0.1 So, SSH login failures for test & guest are an indication of this thing running at the remote end. The two names & passwords appear to be hardcoded into the program. Since Linux as I recall backs off after failed attempts there wouldn't be much to gain by trying many more names, but variants may appear with other defaults. -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 security () triumf ca _______________________________________________ _________________________________________________________________MSN Toolbar provides one-click access to Hotmail from any Web page FREE download! http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/
Current thread:
- FW: [Intrusions] Linux SSH scanning - test/guest M Shirk (Jul 30)