Security Incidents mailing list archives
Re: SSH probe attack afoot?
From: Martin Sarsale <martin.sarsale () tnsweb com>
Date: Mon, 07 Feb 2005 15:42:32 -0300
Everytime I got one of those scans Im courious about what are those clients (bots or hax0rs) using as passwords.
Does it makes any sense to log the password they're using apart of satisfying my couriosity? And: does ssh provides this kind of functionality? (I know it could be a security breach in case you type your root password in uppercase and it ends on your logs)
Bernie Cosell wrote:
We're now getting hammered with the third round of ssh probes in the last four days [one from CA, one from Brazil and one from Virginia]. I was wondering: is there some virus or the like floating around now that leaves an ssh-hammering zombie in its wake? Or is it just coincidental that we have gotten three floods?[the probes are just dozens of random-seeming login attempts with a bunch of root-password-guesses interspersed]/Bernie\
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.5 - Release Date: 2/3/2005
Current thread:
- SSH probe attack afoot? Bernie Cosell (Feb 07)
- Re: SSH probe attack afoot? Martin Sarsale (Feb 07)
- Re: SSH probe attack afoot? Steve Bonds (Feb 07)
- Re: SSH probe attack afoot? Steven Harrison (Feb 07)
- Re: SSH probe attack afoot? xyberpix (Feb 07)
- Re: SSH probe attack afoot? Stephen Warren (Feb 08)
- Re: SSH probe attack afoot? j () 65535 com (Feb 08)
- Re: SSH probe attack afoot? Stephen Warren (Feb 08)
- Re: SSH probe attack afoot? Barrie Dempster (Feb 07)
- Re: SSH probe attack afoot? j lake (Feb 08)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 12)
- Re: SSH probe attack afoot? Stephen J. Smoogen (Feb 12)
- Re: SSH probe attack afoot? Jeffrey Goldberg (Feb 16)
(Thread continues...)
- Re: SSH probe attack afoot? Martin Sarsale (Feb 07)