FW: [Intrusions] Linux SSH scanning - test/guest

["M Shirk" <shirkdog_linux () hotmail com>]

This is from the ISC's mailling and is relevant here:

Subject: [Intrusions] Linux SSH scanning - test/guest
Importance: Low

FYI

We got zapped by some hackers from, I think, Romania that have a
priv escalation exploit for Linux 2.4.20
http://sirzion.illusivecreations.com/loginxy

There is also a multithreaded SSH bruteforcer called "haita"
This attempts to login to machines using the accounts "test" and "guest",
with passwords "test" & "guest" respectively. It runs from a file
of addresses found by a synscan program. It identifies itself as
SSH-2.0-libssh-0.1

So, SSH login failures for test & guest are an indication of this
thing running at the remote end.

The two names & passwords appear to be hardcoded into the program.
Since Linux as I recall backs off after failed attempts there wouldn't be
much to gain by trying many more names, but variants may appear with other
defaults.

--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security () triumf ca
_______________________________________________

_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page – FREE 
download! http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/