SecurityFocus

SSH attacks? Jul 26 2004 10:59PM
Robin (robin kallisti net nz) (10 replies)

Re: SSH attacks? Jul 29 2004 10:31AM
David Block (dave yucc yorku ca)

Re: SSH attacks? Jul 28 2004 04:33AM
brandy (brandy klammeraffe org) (2 replies)

Re: SSH attacks? Jul 29 2004 12:22AM
Andrew J Caines (A J Caines halplant com) (3 replies)

Re: SSH attacks? Jul 29 2004 10:12PM
Brian C. Lane (bcl brianlane com)

RE: SSH attacks? Jul 29 2004 06:32PM
Herman Frederick Ebeling Jr. (hfebelingjr lycos com)

Re: SSH attacks? Jul 29 2004 05:22PM
Marcus Merrin (marcus merrin emptyair com) (1 replies)

Re: SSH attacks? Jul 30 2004 12:58AM
Robin (robin kallisti net nz)

Re: SSH attacks? Jul 29 2004 12:18AM
Mike Whitley (mwhitley borg proceon com)

Re: SSH attacks? Jul 27 2004 09:12PM
buzz (reitenba fh-brandenburg de) (2 replies)

Re: SSH attacks? Jul 28 2004 07:05PM
Jyri Hovila (jyri hovila iki fi) (4 replies)

Re: SSH attacks? Jul 30 2004 05:40AM
Thomas Hochstein (ml ancalagon inka de)

Re: SSH attacks? Jul 29 2004 07:03PM
Chris Brenton (cbrenton chrisbrenton org)

Re: SSH attacks? Jul 29 2004 05:03PM
Matt Beland (matt rearviewmirror org)

Re: SSH attacks? Jul 29 2004 05:02PM
Valdis Kletnieks vt edu

Re: SSH attacks? Jul 28 2004 06:42PM
Jyri Hovila (jyri hovila iki fi)

Re: SSH attacks? Jul 27 2004 08:46PM
Adam Young (adam vbfx com) (1 replies)

On Tue, 27 Jul 2004 10:59:07 +1200
Robin <robin (at) kallisti.net (dot) nz [email concealed]> wrote:

> accounts. The big ones are going over a large list, the pairs seem to be just
> hitting test and guest:
> Jul 26 23:05:59 kallisti sshd[12314]: Illegal user test
> from ::ffff:64.246.56.44
> Jul 26 23:05:59 kallisti sshd[12314]: Failed password for illegal user test
> from ::ffff:64.246.56.44 port 41920 ssh2
> Jul 26 23:06:01 kallisti sshd[12320]: Illegal user guest
> from ::ffff:64.246.56.44
> Jul 26 23:06:01 kallisti sshd[12320]: Failed password for illegal user guest
> from ::ffff:64.246.56.44 port 41967 ssh2
>
> Does anyone know why this would appear all of a sudden?

I've noticed this myself. It has been happening for roughly one week, two at
maximum.

I think someone has either caught wind of some sort of information about loosely
configured proprietary hardware which has an empty password on test/guest, or a
worm sets up these accounts with some preset password that it checks other
machines for to see if they're also infected.

Anyways, I can't see it being a huge threat, unless it's a ssh exploit, which I
have my doubts about.

--
Adam Young <adam_at_vbfx_dot_com>
http://www.vbfx.com/
GPG Key - 5B3375F8

[ reply ]

Re: SSH attacks? Jul 28 2004 08:19AM
Christine Kronberg (Christine_Kronberg genua de) (3 replies)

Re: SSH attacks? Jul 29 2004 04:53PM
Steve Schuster (sjs74 cornell edu)

Re: SSH attacks? Jul 29 2004 04:05PM
Merlijn Tishauser (merlijn begeleidingentraining nl)

Re: SSH attacks? Jul 29 2004 09:21AM
Pieter-Bas IJdens (pieter-bas ijdens com) (2 replies)

Re: SSH attacks? Jul 30 2004 12:38AM
Jay D. Dyson (jdyson treachery net) (2 replies)

Re: SSH attacks? Jul 31 2004 12:06AM
mgotts 2roads com

Re: SSH attacks? Jul 31 2004 12:05AM
Frank Knobbe (frank knobbe us)

Re: SSH attacks? Jul 29 2004 10:12AM
Christine Kronberg (Christine_Kronberg genua de) (2 replies)

Re: SSH attacks? Jul 30 2004 01:26AM
Frank Knobbe (frank knobbe us)

Re: SSH attacks? Jul 29 2004 10:44AM
Pieter-Bas IJdens (pieter-bas ijdens com)

Re: SSH attacks? Jul 27 2004 07:21PM
Tom Laermans (tom laermans powersource cx)

Re: SSH attacks? Jul 27 2004 07:17PM
Chris Brown (chris wavetex com)

Re: SSH attacks? Jul 27 2004 06:24PM
Jason Falciola (falciola us ibm com)

Re: SSH attacks? Jul 27 2004 06:15PM
Paul Schmehl (pauls utdallas edu) (1 replies)

Re: SSH attacks? Jul 30 2004 06:37PM
George Georgalis (george galis org)

Re: SSH attacks? Jul 27 2004 06:06PM
Josh Tolley (josh raintreeinc com)

Re: SSH attacks? Jul 27 2004 06:00PM
Tobias Rice (rice up edu) (1 replies)

Re: SSH attacks? Jul 28 2004 03:43AM
Chris Brenton (cbrenton chrisbrenton org)