Security Incidents mailing list archives
Re: FW: [Intrusions] Linux SSH scanning - test/guest
From: Sebastian Jaenicke <sjaenick () TechFak Uni-Bielefeld DE>
Date: Sun, 12 Sep 2004 16:50:12 +0200
Hi, On Wed, Sep 08, 2004 at 02:51:52AM +0200, Sebastian Jaenicke wrote:
I just setup an account "guest" with password "guest" and a shell modified to log commands via syslog[0].
Addendum: Later, the attacker returned and installed an IRC bouncer;
I couldn't resist, joined IRC and talked to him (from another host).
Complete list of commands, files and IRC log here:
http://www.jaenicke.org/sk/
- Sebastian
--
Sebastian Jaenicke Disce aut discede!
whois pgpkey-C81115B1 -h whois.ripe.net|perl -ne's-^certif: *--&&print'
Attachment:
_bin
Description:
Current thread:
- Re: FW: [Intrusions] Linux SSH scanning - test/guest Sebastian Jaenicke (Sep 10)
- Re: FW: [Intrusions] Linux SSH scanning - test/guest Sebastian Jaenicke (Sep 13)
- Re: FW: [Intrusions] Linux SSH scanning - test/guest Christine Kronberg (Sep 13)
- Re: FW: [Intrusions] Linux SSH scanning - test/guest Sebastian Jaenicke (Sep 13)