More SSH 'trolling'

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Thu Oct 14 17:28:56 UTC 2004


On Thu, 14.10.2004 at 19:02, Björn Persson wrote:

> A list like the one below, right? I've seen a couple of these at home. 
> It sure is a breakin attempt, but I allow only public key authentication 
> so I'm not particularly worried.
> 
> Illegal user patrick from 220.95.231.137

[ ... ]

> Björn Persson

Again an old hacked Redhat box :( If you do a port scan on the above
given IP address you will quickly find both the reason why it is being
hacked (old, unpatched services) and the indicator that it is a hacked
box:

101/tcp   open     ssh          SSH 1.2.32 (protocol 1.5)

Seen that for so many hosts now which are involved in the SSH login
attempts.

Folks, if any of you are still running an old Redhat release which is
not managed any more regarding security updates and you don't update
your own from sources, please take those hosts from the net immediately!

Alexander
 

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 19:24:33 up 14:36, 16 users, 0.36, 0.30, 0.28 
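
Added example, not part of the original message: a small log check that groups the "Illegal user ... from ..." sshd lines quoted above by source address and flags addresses that tried several nonexistent accounts. The sample log, its timestamps, hostname, PIDs and all usernames other than "patrick" are constructed, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Matches the sshd message quoted in the thread ("Illegal user ...") and the
# "Invalid user ..." wording that later OpenSSH releases log instead.
ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample log. Only the user/address pair on the first line is
# taken from the thread; everything else is made up for the example.
SAMPLE_LOG = """\
Oct 14 03:11:02 host sshd[4101]: Illegal user patrick from 220.95.231.137
Oct 14 03:11:05 host sshd[4103]: Illegal user test from 220.95.231.137
Oct 14 03:11:08 host sshd[4105]: Illegal user guest from 220.95.231.137
Oct 14 03:11:11 host sshd[4107]: Illegal user patrick from 220.95.231.137
Oct 14 03:11:14 host sshd[4109]: Illegal user admin from 220.95.231.137
Oct 14 08:40:31 host sshd[5210]: Invalid user alice from 192.0.2.10
Oct 14 08:41:02 host sshd[5214]: Accepted publickey for bob from 192.0.2.10 port 40112 ssh2
Oct 14 09:02:47 host sshd[5301]: Failed password for root from 198.51.100.7 port 51515 ssh2
"""


def summarize(log_text):
    """Return {source_ip: set of nonexistent usernames tried from it}."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = ATTEMPT.search(line)
        if match:
            user, ip = match.groups()
            seen[ip].add(user)
    return dict(seen)


def flag_scanners(log_text, min_users=3):
    """Addresses that tried at least min_users distinct unknown accounts.

    A single unknown name is usually a typo; a run of different names from
    one address is the username-guessing pattern discussed in the thread.
    """
    per_ip = summarize(log_text)
    return sorted(ip for ip, users in per_ip.items() if len(users) >= min_users)


if __name__ == "__main__":
    per_ip = summarize(SAMPLE_LOG)
    for ip in flag_scanners(SAMPLE_LOG):
        print(f"{ip}: {len(per_ip[ip])} unknown users tried: {sorted(per_ip[ip])}")
```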