OpenSSH

Paul W. Frields paul at frields.com
Wed Aug 4 00:54:28 UTC 2004


On Tue, 2004-08-03 at 19:01, Barry K. Nathan wrote:
> On Tue, Aug 03, 2004 at 05:42:51PM -0500, Jay Summers wrote:
> > Ditto there. I just sent a message today to one of my other user-lists 
> 
> You mean with sshd hanging, or just all the scans? (I've seen the latter
> but not the former.)
> 
> It's crackers looking for people who are dumb enough to create an
> account named "test" with password "test" (or "guest"/"guest") and leave
> it accessible to anyone on the 'Net. Once they get in, they use kernel
> exploits to get root (if you have users/admins this dumb, *this* is why you
> need to keep the kernel up to date!) and then they install a rootkit...
> 
> These people, whoever they are, are succeeding in breaking into more
> systems than you'd expect... :|

For more info on SuckIT, the rootkit in question, you can check out some
info at, e.g.:

  http://www.incidents.org/diary.php?date=2004-07-23
  http://www.phrack.org/show.php?p=58&a=7
  http://www.broadbandreports.com/forum/remark,10854834

I've been getting these for some time now, and the admins I've bothered
to contact back have all confirmed they were hacked due to lazy security
protocols. Not a fair sampling technique but interesting nonetheless.

-- 
Paul W. Frields, RHCE
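
An added example, not part of the original message: a log check for the scans discussed in this thread. It reports which sources tried the "test" and "guest" account names over SSH and whether any such login succeeded. The log lines are constructed samples using documentation addresses, and the function and variable names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Account names the thread says the scans are guessing.
WATCHED_USERS = {"test", "guest"}

# Older OpenSSH releases logged "illegal user"; later ones log "invalid user".
# The phrase is absent when the account exists but the password was wrong.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (not real log data).
SAMPLE_LOG = """\
Aug  3 17:40:01 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug  3 17:40:03 host sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40118 ssh2
Aug  3 17:41:10 host sshd[2110]: Failed password for test from 198.51.100.7 port 51822 ssh2
Aug  3 17:41:12 host sshd[2112]: Accepted password for test from 198.51.100.7 port 51830 ssh2
Aug  3 17:45:00 host sshd[2120]: Accepted publickey for alice from 203.0.113.5 port 60000 ssh2
Aug  3 17:46:00 host sshd[2121]: Failed password for alice from 203.0.113.5 port 60002 ssh2
"""

def summarize(log_text, watched=WATCHED_USERS):
    """Return (probes, logins).

    probes: source IP -> set of watched names it failed to log in as.
    logins: list of (ip, user) where a watched name authenticated
            successfully, which means the host needs investigating.
    """
    probes = defaultdict(set)
    logins = []
    for line in log_text.splitlines():
        failed = FAILED_RE.search(line)
        if failed and failed.group("user") in watched:
            probes[failed.group("ip")].add(failed.group("user"))
            continue
        accepted = ACCEPTED_RE.search(line)
        if accepted and accepted.group("user") in watched:
            logins.append((accepted.group("ip"), accepted.group("user")))
    return dict(probes), logins

if __name__ == "__main__":
    probes, logins = summarize(SAMPLE_LOG)
    for ip, users in sorted(probes.items()):
        print(f"probe from {ip}: {', '.join(sorted(users))}")
    for ip, user in logins:
        print(f"ALERT: successful login as '{user}' from {ip}")
```
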





More information about the fedora-legacy-list mailing list