Security Incidents mailing list archives
Re: Anyone else seeing SSH scans?
From: "Ed J. Aivazian" <stealth () arminco com>
Date: Wed, 28 Jul 2004 13:15:51 +0500
Hello Matthew, Same here. Illegal users from these: guest/none from ::ffff:210.168.226.10: 1 Time(s) guest/password from ::ffff:210.168.226.10: 1 Time(s) test/none from ::ffff:210.168.226.10: 2 Time(s) test/password from ::ffff:210.168.226.10: 2 Time(s) Do the IP/network match yours? Tuesday, July 27, 2004, 10:00:24 PM, you wrote: MD> I've noticed that several *NIX machines I have running (all of which are MD> located in the same IP block) are periodically getting scanned via ssh for MD> the accounts 'test' and 'guest'. MD> The source IP varies with each scan. But I'm getting about one of these a MD> day now. Obviously, I don't have accounts with that name on my systems, MD> but still.... MD> Is this something new, or just people looking for badly configured MD> machines? MD> Matt -- Best regards, Ed mailto:stealth () arminco com
Current thread:
- Anyone else seeing SSH scans? Matthew Dharm (Jul 27)
- Re: Anyone else seeing SSH scans? Charles Heselton (Jul 28)
- Re: Anyone else seeing SSH scans? Ed J. Aivazian (Jul 28)
- Re: Anyone else seeing SSH scans? Seth J. Blank (Jul 28)
- Re: Anyone else seeing SSH scans? Jon Lewis (Jul 29)
- <Possible follow-ups>
- Re: Anyone else seeing SSH scans? sk (Jul 28)
- Re: Anyone else seeing SSH scans? Hossein Rafighi (Jul 29)
- RE: Anyone else seeing SSH scans? Andrew Kopp ( Tor ZEW ) (Jul 28)
- RE: Anyone else seeing SSH scans? R Michael Williams (Jul 29)
- RE: Anyone else seeing SSH scans? Ian Hayes (Jul 29)
- RE: Anyone else seeing SSH scans? GUSAIN, SUBODH (Jul 29)