Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Illegal user ssh probes

from [Calvin Maready] Network Security [Permanent Link]
Subject: Re: Illegal user ssh probes
Date: Tue, 19 Oct 2004 21:24:51 -0700 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the last 2 months or so i've seen alot of these too, except i also get root 
attempts. on k-otiks site they have a brute forcing script for ssh that i 
think that a number of these scans are coming from even though it was only 
release on the 20th of last month. Here is the direct link 
http://www.k-otik.com/exploits/08202004.brutessh2.c.php .
On Saturday 16 October 2004 21:05, Christopher Strong wrote:

In-Reply-To: <002f01c4a2d2$e0056ba0$6301010a@CPQ7380>


On examining /var/log/secure for several firewalls I manage remotely using
ssh I have observed a recurrent pattern of probing over the last several
that attempts to connect using user id's in the following order...

test / guest / admin / admin / user / test


I am seeing this, along with random usernames in large blocks from
compromised IPs


Is it worth reporting the behaviour to the net block assignees in case
they aren't aware their server might be compromised?


Usually not.  They are generally fools who won't reply, or if they do they
will blow you off.


- -- 
_______________
Calvin Maready
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQXXollvjNZV1G9miAQI14Qf+OyuWuI7BdndXjAKvro/a6Ki4Rlqoyzhe
WnnRRm4NTaYT1Cvww6mF0zqNwPGz7rKZWNs7TTGVOMRENMuDbKZ+TO1VH4bq3xQQ
lRjycu9d51CunLodKwdVzDsSId/6hpSnkaWTUNrr9Ixl6+TyplTQlXXXM6Xwt2+N
26Kuj7xNhqOFdwV2TR9OPYof6viU1S+Vdn9Detuxa13CMLiMcMSk73MunIV84uWJ
NynOclOlFSJOGaeLd2JMdZSEuxpjFKqKQtHsmvHNu+rQ3SqNJqgk2Eksxs+FIcOc
DJw5vyhZzvJYcuuGEjqwdbhEdmFn2yX5CkGlrjypWhkmvO919fx9DQ==
=A8yk
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: syslogin_perform_logout: logout() returned an error, Eloi Granado
Next by Date:  Re: Illegal user ssh probes, Calvin Maready
Previous by Thread:  Re: Illegal user ssh probes, Christopher Strong
Next by Thread:  Re: Illegal user ssh probes, Rail mail
Indexes:  [Date] [Thread] [Top] [All Lists]