Network Security: Detailed info on Re: [Full-Disclosure] Re: Automated SSH login attempts?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

Re: [Full-Disclosure] Re: Automated SSH login attempts?

from [dmargoli] Network Security

[Permanent Link]

Subject:	Re: [Full-Disclosure] Re: Automated SSH login attempts?
Date:	Thu, 29 Jul 2004 13:52:29 -0400

Stefan Janecek wrote:

This does not seem to be a stupid brute force attack, as there is only
one login attempt per user. Could it be that the tool tries to exploit
some vulnerability in the sshd, and just tries to look harmless by using
'test' and 'guest' as usernames?

The compromised machine was running an old debian woody installation
which had not been upgraded for at least one year, the sshd version
string says 'OpenSSH_3.6.1p2 Debian 1:3.6.1p2-10'

Does the Debian machine that was compromised have a ``test'' or ``guest'' username?

Also, if it wasn't patched in a year, it may still be vulnerable to this: http://www.cert.org/advisories/CA-2003-24.html

I would tend to think this isn't a 0day kinda vuln, as if it were, he'd be a lot more successful than he seems (unless we're all rooted and don't even know it). But who can tell?

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek Re: [Full-Disclosure] Re: Automated SSH login attempts?, dmargoli <= Re: [Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek Re: [Full-Disclosure] Re: Automated SSH login attempts?, Valdis . Kletnieks Re: [Full-Disclosure] Re: Automated SSH login attempts?, Jan Muenther Re: [Full-Disclosure] Re: Automated SSH login attempts?, Andrei Galca-Vasiliu Re: [Full-Disclosure] Re: Automated SSH login attempts?, Max Valdez Re: [Full-Disclosure] Re: Automated SSH login attempts?, Andrei Galca-Vasiliu Re: [Full-Disclosure] Re: Automated SSH login attempts?, Max Valdez Re: [Full-Disclosure] Re: Automated SSH login attempts?, dmargoli Re: [Full-Disclosure] Re: Automated SSH login attempts?, joe smith Re: [Full-Disclosure] Re: Automated SSH login attempts?, Ron DuFresne

Previous by Date:	[Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek
Next by Date:	Re: [Full-Disclosure] IE, how to detect in which zone scripts are executed?, Eric Paynter
Previous by Thread:	[Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek
Next by Thread:	Re: [Full-Disclosure] Re: Automated SSH login attempts?, Stefan Janecek
Indexes:	[Date] [Thread] [Top] [All Lists]