Security Incidents mailing list archives

Re: SSH probes?

From: iglope <iglope () ifrance com>
Date: Wed, 12 May 2004 09:03:57 +0100

Hi  Devdas

I got about 61 of these in my logs before I turned sshd off. This looks
like a brute force attempt at getting a login.

May  9 21:35:03 evita sshd(pam_unix)[16332]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20  user=ftp

one time we have  : authentication failure;

May  9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown

Another we have :  check pass; user unknown
isn't a way to discover a valid user for next brute force session ?

may be u have to tune your ssh to send the same msg for valid andinvalid user ?





_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

SSH probes? Devdas Bhagat (May 10)
- RE: SSH probes? Jerry Shenk (May 10)
- Re: SSH probes? iglope (May 12)
  - Re: SSH probes? Valdis . Kletnieks (May 12)
    - Re: SSH probes? Klaus Lichtenwalder (May 12)