Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SSH attacks?

From: Adam Young <adam () vbfx com>
Date: Tue, 27 Jul 2004 16:46:43 -0400
On Tue, 27 Jul 2004 10:59:07 +1200
Robin <robin () kallisti net nz> wrote:


accounts. The big ones are going over a large list, the pairs seem to be just 
hitting test and guest:
Jul 26 23:05:59 kallisti sshd[12314]: Illegal user test 
from ::ffff:64.246.56.44
Jul 26 23:05:59 kallisti sshd[12314]: Failed password for illegal user test 
from ::ffff:64.246.56.44 port 41920 ssh2
Jul 26 23:06:01 kallisti sshd[12320]: Illegal user guest 
from ::ffff:64.246.56.44
Jul 26 23:06:01 kallisti sshd[12320]: Failed password for illegal user guest 
from ::ffff:64.246.56.44 port 41967 ssh2

Does anyone know why this would appear all of a sudden?


I've noticed this myself.  It has been happening for roughly one week, two at
maximum.

I think someone has either caught wind of some sort of information about loosely
configured proprietary hardware which has an empty password on test/guest, or a
worm sets up these accounts with some preset password that it checks other
machines for to see if they're also infected.


Anyways, I can't see it being a huge threat, unless it's a ssh exploit, which I
have my doubts about.

-- 
    Adam Young  <adam_at_vbfx_dot_com>
    http://www.vbfx.com/
    GPG Key - 5B3375F8
Previous By Date Next
Previous By Thread Next

Current thread: