Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Re: Automated SSH login attempts?

from [Valdis . Kletnieks] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Re: Automated SSH login attempts?
Date: Thu, 29 Jul 2004 15:35:43 -0400 
On Thu, 29 Jul 2004 18:38:15 +0200, Stefan Janecek <stefan.janecek@jku.at>  
said:


This does not seem to be a stupid brute force attack, as there is only
one login attempt per user. Could it be that the tool tries to exploit
some vulnerability in the sshd, and just tries to look harmless by using
'test' and 'guest' as usernames?


Highly doubtful.  It's easy enough to test though - just use the tool
to poke another machine under your control, and use tcpdump or ethereal
to capture all the traffic (don't forget '-s 1500' or similar for tcpdump
to get the *whole* packet).  Then somebody familiar with the SSH
protocol can go through it byte by byte and look for anything odd.

I don't expect we'll find anything, unless it's some very hard to trigger hole
on some odd architecture. Remember - with all of these probes, we're only
seeing a very few boxes actually get 0wned. More likely, script kiddies have
re-discovered the concept that if there's 500 million boxes online, enough of
them are administered by clueless people that they can snarf shells using a
default userid/password pair.....

Attachment: pgprZ1PDgMURF.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] RE: outbind in MS outlook, Stephen Taylor
Next by Date:  Re: [Full-Disclosure] Re: Automated SSH login attempts?, Andrei Galca-Vasiliu
Previous by Thread:  Re: [Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek
Next by Thread:  Re: [Full-Disclosure] Re: Automated SSH login attempts?, Jan Muenther
Indexes:  [Date] [Thread] [Top] [All Lists]