Network Security: Detailed info on Re: SSH scans...

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: SSH scans...

from [Ben Nelson] Network Security

[Permanent Link]

Subject:	Re: SSH scans...
Date:	Mon, 20 Dec 2004 14:48:11 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Raymond Lillard wrote:
|
| PS   I'm curious, has anybody heard of these scans
|      compromising a machine, ever?

Yes.  A colleague of mine had a machine with SSH open to the world.  A
user account called 'test' with a password of 'test' was used in one of
these scans to gain access (I have no idea why he had an account like
that on the server in the first place... :0/).  When the scan occured,
whatever bot was being used to scan just noted the availability of the
account.  The account was then used several days later for an
interactive login with what looked like a live person, who installed an
IRC server and an FTP server (on non-privileged ports).

- --Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFBx0ib3cL8qXKvzcwRAqMBAJ4lIG8uZ3WoDbUk1r6qJY1XereCzACg38JU
I9ZkbRR5xBlVIlCpFTtmom8=
=v9Xn
-----END PGP SIGNATURE-----

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
RE: SSH scans... another possible solution, (continued) RE: SSH scans... another possible solution, Ron Moore Re: SSH scans..., Dejan Markovic Re: SSH scans..., Barrie Dempster Re: [incidents] SSH scans..., Tim Kennedy Message not available Re: [incidents] SSH scans..., Tim Kennedy Re: SSH scans..., Keith Morgan Re: SSH scans..., Gerry Dalton Re: SSH scans..., Peter Willis Re: SSH scans..., skippy1 Re: SSH scans..., Raymond Lillard Re: SSH scans..., Ben Nelson <= Re: SSH scans..., Steve Kemp RE: SSH scans..., KEM Hosting Re: SSH scans..., Michael H. Warfield Re: SSH scans..., nixsec Re: SSH scans..., Dejan Markovic re: SSH scans..., brian@ethernet.org re: SSH scans..., Kerry Thompson

Previous by Date:	Re: [incidents] SSH scans..., Tim Kennedy
Next by Date:	Re: SSH scans..., Steve Kemp
Previous by Thread:	Re: SSH scans..., Raymond Lillard
Next by Thread:	Re: SSH scans..., Steve Kemp
Indexes:	[Date] [Thread] [Top] [All Lists]