Security Incidents mailing list archives
Re: SSH probes?
From: iglope <iglope () ifrance com>
Date: Wed, 12 May 2004 09:03:57 +0100
Hi Devdas
I got about 61 of these in my logs before I turned sshd off. This looks like a brute force attempt at getting a login. May 9 21:35:03 evita sshd(pam_unix)[16332]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20 user=ftp
one time we have : authentication failure;
May 9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown
Another we have : check pass; user unknown isn't a way to discover a valid user for next brute force session ?may be u have to tune your ssh to send the same msg for valid and invalid user ?
_____________________________________________________________________ Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- SSH probes? Devdas Bhagat (May 10)
- RE: SSH probes? Jerry Shenk (May 10)
- Re: SSH probes? iglope (May 12)
- Re: SSH probes? Valdis . Kletnieks (May 12)
- Re: SSH probes? Klaus Lichtenwalder (May 12)
- Re: SSH probes? Valdis . Kletnieks (May 12)