Security Incidents mailing list archives

Re: Anyone else seeing SSH scans?

From: "Ed J. Aivazian" <stealth () arminco com>
Date: Wed, 28 Jul 2004 13:15:51 +0500

Hello Matthew,

Same here.
Illegal users from these:
   guest/none from ::ffff:210.168.226.10: 1 Time(s)
   guest/password from ::ffff:210.168.226.10: 1 Time(s)
   test/none from ::ffff:210.168.226.10: 2 Time(s)
   test/password from ::ffff:210.168.226.10: 2 Time(s)

Do the IP/network match yours?

Tuesday, July 27, 2004, 10:00:24 PM, you wrote:

MD> I've noticed that several *NIX machines I have running (all of which are
MD> located in the same IP block) are periodically getting scanned via ssh for
MD> the accounts 'test' and 'guest'.

MD> The source IP varies with each scan.  But I'm getting about one of these a
MD> day now.  Obviously, I don't have accounts with that name on my systems,
MD> but still....

MD> Is this something new, or just people looking for badly configured
MD> machines?

MD> Matt




-- 
Best regards,
 Ed                            mailto:stealth () arminco com

Current thread:

Anyone else seeing SSH scans? Matthew Dharm (Jul 27)
- Re: Anyone else seeing SSH scans? Charles Heselton (Jul 28)
- Re: Anyone else seeing SSH scans? Ed J. Aivazian (Jul 28)
- Re: Anyone else seeing SSH scans? Seth J. Blank (Jul 28)
- Re: Anyone else seeing SSH scans? Jon Lewis (Jul 29)
- <Possible follow-ups>
- Re: Anyone else seeing SSH scans? sk (Jul 28)
  - Re: Anyone else seeing SSH scans? Hossein Rafighi (Jul 29)
- RE: Anyone else seeing SSH scans? Andrew Kopp ( Tor ZEW ) (Jul 28)
- RE: Anyone else seeing SSH scans? R Michael Williams (Jul 29)
- RE: Anyone else seeing SSH scans? Ian Hayes (Jul 29)
- RE: Anyone else seeing SSH scans? GUSAIN, SUBODH (Jul 29)