MORE SSH Hacking: heads-up

Scot L. Harris webid at cfl.rr.com
Wed Aug 4 16:56:53 UTC 2004


On Wed, 2004-08-04 at 11:03, Mike Markiw III wrote:
> Thanks for the info on where to look.  I hadn't looked at these logs before, but I'm getting scanned quite a bit as well.

> The user accounts they try to log in as are:
> test
> guest
> admin
> root
> 
> I would definitely suggest updating any/all passwords on your systems if they are dictionary based.  
> 
> The scans started about ten days ago for my system.  Obviously, the script-kiddies found a new toy.  We can probably expect more of this junk in the future.
> 
> -Mike

Found reference to this scanning on another site.  Does appear to be a
new brute force ssh script.  The list of accounts it tries seems to
indicate someone that is more used to Windows-type boxes than Unix boxes.

Sources available at frauder.us apparently.  

Fairly good analysis of it at

 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1281.html

So change your passwords, disable all services, and hunker down.  This
one is going to be here for a while.


-- 
Scot L. Harris <webid at cfl.rr.com>
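
Added example, not part of the original messages: one way to check sshd logs for the pattern discussed in this thread, where a single source tries several of the accounts test, guest, admin and root. The log lines are constructed samples, and the function names and the three-account threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Accounts named in the thread as the ones the scanner tries.
SCANNED_ACCOUNTS = {"test", "guest", "admin", "root"}

# sshd failure line; "illegal user" is older OpenSSH wording, "invalid user" newer.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample lines using documentation addresses, not taken from the thread.
SAMPLE_LOG = """\
Aug  4 10:01:12 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug  4 10:01:14 host sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40115 ssh2
Aug  4 10:01:17 host sshd[2105]: Failed password for illegal user admin from 192.0.2.10 port 40120 ssh2
Aug  4 10:01:20 host sshd[2107]: Failed password for root from 192.0.2.10 port 40126 ssh2
Aug  4 10:07:45 host sshd[2140]: Failed password for alice from 198.51.100.7 port 51822 ssh2
Aug  4 10:08:02 host sshd[2141]: Accepted password for alice from 198.51.100.7 port 51830 ssh2
Aug  4 11:15:31 host sshd[2290]: Failed password for root from 203.0.113.5 port 33010 ssh2
"""

def failed_logins(text):
    """Map source address -> account names with failed password attempts."""
    attempts = defaultdict(list)
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)

def likely_scanners(text, min_accounts=3):
    """Sources that tried at least min_accounts distinct scanned accounts.

    min_accounts is an assumed threshold; one failed root login alone is not flagged.
    """
    flagged = {}
    for ip, users in failed_logins(text).items():
        hit = SCANNED_ACCOUNTS.intersection(users)
        if len(hit) >= min_accounts:
            flagged[ip] = sorted(hit)
    return flagged

if __name__ == "__main__":
    for ip, users in likely_scanners(SAMPLE_LOG).items():
        print(f"{ip}: tried {', '.join(users)}")
```
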
