Network Security: Detailed info on Re: SSH probe attack afoot?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: SSH probe attack afoot?

from [Martin Sarsale] Network Security

[Permanent Link]

Subject:	Re: SSH probe attack afoot?
Date:	Mon, 07 Feb 2005 15:42:32 -0300

Everytime I got one of those scans Im courious about what are those clients (bots or hax0rs) using as passwords.

Does it makes any sense to log the password they're using apart of satisfying my couriosity? And: does ssh provides this kind of functionality? (I know it could be a security breach in case you type your root password in uppercase and it ends on your logs)

Bernie Cosell wrote:

We're now getting hammered with the third round of ssh probes in the last four days [one from CA, one from Brazil and one from Virginia]. I was wondering: is there some virus or the like floating around now that leaves an ssh-hammering zombie in its wake? Or is it just coincidental that we have gotten three floods?

[the probes are just dozens of random-seeming login attempts with a bunch of root-password-guesses interspersed]
  /Bernie\

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.5 - Release Date: 2/3/2005

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
SSH probe attack afoot?, Bernie Cosell Re: SSH probe attack afoot?, Martin Sarsale <= Re: SSH probe attack afoot?, Steve Bonds Re: SSH probe attack afoot?, Steven Harrison Re: SSH probe attack afoot?, xyberpix Re: SSH probe attack afoot?, Stephen Warren Re: SSH probe attack afoot?, j@65535.com Re: SSH probe attack afoot?, Barrie Dempster Re: SSH probe attack afoot?, j lake Re: SSH probe attack afoot?, Jeffrey Goldberg Re: SSH probe attack afoot?, Stephen J. Smoogen eBay Account Phishing with eBay Redirect, Steven

Previous by Date:	Re: Some rare log entry on our wiki server, hackman
Next by Date:	Re: SSH probe attack afoot?, xyberpix
Previous by Thread:	SSH probe attack afoot?, Bernie Cosell
Next by Thread:	Re: SSH probe attack afoot?, Steve Bonds
Indexes:	[Date] [Thread] [Top] [All Lists]