More SSH 'trolling'
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Thu Oct 14 19:03:15 UTC 2004
Am Do, den 14.10.2004 schrieb Edwin Dicker um 20:42:
> I dont know if it has been come to anyones attention but I have these
> 'hack-attempts' only since I've subscribed to this list !!!
There should be no connection between being tried at sshd and the list
subscription. The script kids' scripts are scanning whole nets. A couple
of weeks ago I had "the chance" to see such a script. From hacked
systems these scripts run and scan larger nets and mail the results of
possible victims automatically to their master.
> Before that, nobody bothered me other then looking for a open relay system.
> Maybe anyone knows someone who is not subscribed to this list and has these
> attempts as well ??
Me. I am root on 2 systems where there is no connection to this list and
they are too probed on ssh.
> It might well be possible that someone is trying to hack us only .
At least obvious from my observations is, that mainly old Redhat systems
are already owned and used for further attacks. Seems the hackers have
specific OpenSSH / OpenSSL versions as their target - and unfortunately
there are enough weak because not updated systems connected to the net.
> Edwin
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp
Serendipity 20:47:43 up 15:59, 16 users, 0.26, 0.34, 0.41
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041014/ae76c527/attachment-0001.sig>
More information about the fedora-list
mailing list