Security Incidents mailing list archives

Re: Internet SSH scans

From: "Stephen J. Smoogen" <smooge () gmail com>
Date: Fri, 3 Mar 2006 14:05:45 -0700

Has anyone kept track of the passwords being used? I have been trying
to find a nice simple sshd password logger so that I can set up a
website that says "Is this your account? Is this your password?"


On 3/3/06, William Tarkington <William.Tarkington () openwave com> wrote:

This appears to be related to a Romanian organized crime ring.

They are using ssh scans + password lists for easy to guess servers.
From there they create a phishing site.

It has been on the rise for about 3 months or so from my records.

--Will


-----Original Message-----
From: Tom Frerichs [mailto:tfrerich () shiboleth net]
Sent: Thursday, March 02, 2006 8:57 PM
To: incidents () securityfocus com
Subject: RE: Internet SSH scans

I'm seeing the same sorts of scans, but it seems to be only on hosts
that
offer web services and have publicly published URLs that might be found
in a
user's cache.

Tom Frerichs - Denver



--
Stephen J Smoogen.
CSIRT/Linux System Administrator

Current thread:

Re: RE: Internet SSH scans, (continued)
- - Re: RE: Internet SSH scans Daxomatic (Mar 03)
  - Re: RE: Internet SSH scans Christine Kronberg (Mar 03)
  - Re: Internet SSH scans JK Adams (Mar 03)
- Re: RE: Internet SSH scans joakim . berge (Mar 03)
- Re: Re: RE: Internet SSH scans mrbits (Mar 03)
  - RE: Internet SSH scans Adriano Carvalho (Mar 21)
    - Re: Internet SSH scans Valdis . Kletnieks (Mar 22)
    - Re: Internet SSH scans Adriano Carvalho (Mar 22)
- RE: Internet SSH scans William Tarkington (Mar 03)
  - Re: Internet SSH scans ilaiy (Mar 03)
  - Re: Internet SSH scans Stephen J. Smoogen (Mar 03)
- RE: RE: Internet SSH scans Teodorski, Chris (Mar 03)
- Re: Re: Internet SSH scans notonyour (Mar 04)
- Re: RE: Internet SSH scans Michael . Lang (Mar 23)
  - Re: Internet SSH scans Valdis . Kletnieks (Mar 23)