More SSH 'trolling'

Mike Ramirez mike at thexxxhost.com
Thu Oct 14 11:36:29 UTC 2004


> 
>     Some questions:
> 
>     - Anyone else getting this?
> 
>     - Wouldn't these connections just get dumped because their forward
> and reverse addresses don't match?
> 
>     - Does anyone recognize these usernames?

Yeah, I have had this before from multiple IPs.  It seems to be a similar
script to the ones earlier using test and admin with an expanded
username list.  It also seems to me that they are system names,
variations of system names, and/or possible names that a user may use to
run a service.

The safest bet for this is to make sure that any user in /etc/passwd and
/etc/shadow that doesn't need SSH has their shell set to nologin, and
also to make sure that FTP is disabled for them.  Make sure all your
users have secure passwords.  Hard to do, I understand.

I even get them on a Dynamic IP at home, well not lately since I
installed the FW/router, so it's not a targeted attack.
-- 
Mike Ramirez <mike at thexxxhost.com>
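
One way to run the check described in the message above, as an added example that is not part of the original post: it lists accounts that still have a login shell but are not on the list of users who need SSH, together with the state of their password field. The account data, the `ssh_users` allow-list and the function names are constructed for illustration.

```python
# Added example. Sample passwd/shadow contents are constructed, not real data.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
test:x:500:500::/home/test:
alice:x:501:501:Alice:/home/alice:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hash:12700:0:99999:7:::
apache:!!:12700:0:99999:7:::
mysql:$1$constructed$hash:12700:0:99999:7:::
test::12700:0:99999:7:::
alice:$1$constructed$hash:12700:0:99999:7:::
ftp:*:12700:0:99999:7:::
"""

def parse_colon_file(text):
    """Split passwd/shadow style text into lists of fields."""
    return [l.split(":") for l in text.splitlines()
            if l.strip() and not l.startswith("#")]

def password_state(field):
    """Classify a shadow password field."""
    if field is None:
        return "no-shadow-entry"
    if field == "":
        return "empty"            # no password required at all
    if field[0] in "!*":
        return "locked"           # password login disabled
    return "set"                  # a guessable password exists

def audit(passwd_text, shadow_text, ssh_users):
    """Return (user, shell, password_state) for accounts to review."""
    shadow = {r[0]: r[1] for r in parse_colon_file(shadow_text) if len(r) > 1}
    findings = []
    for r in parse_colon_file(passwd_text):
        if len(r) < 7:
            continue
        name, shell = r[0], r[6] or "/bin/sh"   # empty shell field means /bin/sh
        if shell in NOLOGIN_SHELLS or name in ssh_users:
            continue
        findings.append((name, shell, password_state(shadow.get(name))))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, {"root", "alice"}):
        print(*row)
```

On a real host, pass the contents of /etc/passwd and /etc/shadow (reading the latter needs root); a flagged account can then be given a non-login shell with `usermod -s /sbin/nologin <user>`.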
More information about the fedora-list mailing list