Security Incidents mailing list archives

Re: SSH bruteforce on its way...

From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Wed, 26 Oct 2005 12:17:04 +0200

Michael.Lang () jackal-net at wrote:

Hi Volker,

ive started a honey Machine for your answer on, what are they doing with captured machines ...

I would also be interesting to list what _accounts_ they probe for. Ihave a list of users/passwords recovered from some compromised systemsand I'm working on a trojaned version of OpenSSH that would log thatinfo regardless of authentication method. There are some patches toadd backdoors to OpenSSH (athttp://packetstorm.linuxsecurity.com/UNIX/patches/ for example) thatyou can use to log those. Just remove the password backdoor from thoseand you have a good user/password logger.


Regards

Javier

Current thread:

Re: SSH bruteforce on its way..., (continued)
- Re: SSH bruteforce on its way... foxxz . net (Oct 24)
- Re: SSH bruteforce on its way... jouser (Oct 24)
  - Re: SSH bruteforce on its way... Justin (Oct 24)
    - Re: SSH bruteforce on its way... Russell Fulton (Oct 25)
    - Re: SSH bruteforce on its way... Valdis . Kletnieks (Oct 26)
    - Re: SSH bruteforce on its way... Kurt Seifried (Oct 26)
    - Re: SSH bruteforce on its way... Justin (Oct 26)
    - Re: SSH bruteforce on its way... Daniel Cid (Oct 26)
  - Re: SSH bruteforce on its way... Valdis . Kletnieks (Oct 25)
- Re: SSH bruteforce on its way... Michael . Lang (Oct 25)
  - Re: SSH bruteforce on its way... Javier Fernandez-Sanguino (Oct 26)
    - Re: SSH bruteforce on its way... Volker Tanger (Oct 26)
    - SNMP worm? David Gillett (Oct 26)
    - Re: SNMP worm? Mark Ryan del Moral Talabis (Oct 26)
    - RE: SNMP worm? David Gutierrez (Oct 26)
    - Re: SSH bruteforce on its way... Christine Kronberg (Oct 31)
  - Re: SSH bruteforce on its way... Lionel Ferette (Oct 26)
    - Re: SSH bruteforce on its way... Michael Lang (Oct 26)
  - Re: SSH bruteforce on its way... Bryan Hatter (Oct 26)