SecurityFocus

SSH attacks? Jul 26 2004 10:59PM
Robin (robin kallisti net nz) (10 replies)

Re: SSH attacks? Jul 29 2004 10:31AM
David Block (dave yucc yorku ca)

Re: SSH attacks? Jul 28 2004 04:33AM
brandy (brandy klammeraffe org) (2 replies)

Re: SSH attacks? Jul 29 2004 12:22AM
Andrew J Caines (A J Caines halplant com) (3 replies)

Re: SSH attacks? Jul 29 2004 10:12PM
Brian C. Lane (bcl brianlane com)

RE: SSH attacks? Jul 29 2004 06:32PM
Herman Frederick Ebeling Jr. (hfebelingjr lycos com)

Re: SSH attacks? Jul 29 2004 05:22PM
Marcus Merrin (marcus merrin emptyair com) (1 replies)

Re: SSH attacks? Jul 30 2004 12:58AM
Robin (robin kallisti net nz)

Re: SSH attacks? Jul 29 2004 12:18AM
Mike Whitley (mwhitley borg proceon com)

Re: SSH attacks? Jul 27 2004 09:12PM
buzz (reitenba fh-brandenburg de) (2 replies)

Re: SSH attacks? Jul 28 2004 07:05PM
Jyri Hovila (jyri hovila iki fi) (4 replies)

Re: SSH attacks? Jul 30 2004 05:40AM
Thomas Hochstein (ml ancalagon inka de)

Re: SSH attacks? Jul 29 2004 07:03PM
Chris Brenton (cbrenton chrisbrenton org)

Re: SSH attacks? Jul 29 2004 05:03PM
Matt Beland (matt rearviewmirror org)

Re: SSH attacks? Jul 29 2004 05:02PM
Valdis Kletnieks vt edu

Re: SSH attacks? Jul 28 2004 06:42PM
Jyri Hovila (jyri hovila iki fi)

Re: SSH attacks? Jul 27 2004 08:46PM
Adam Young (adam vbfx com) (1 replies)

Re: SSH attacks? Jul 28 2004 08:19AM
Christine Kronberg (Christine_Kronberg genua de) (3 replies)

Re: SSH attacks? Jul 29 2004 04:53PM
Steve Schuster (sjs74 cornell edu)

Re: SSH attacks? Jul 29 2004 04:05PM
Merlijn Tishauser (merlijn begeleidingentraining nl)

Re: SSH attacks? Jul 29 2004 09:21AM
Pieter-Bas IJdens (pieter-bas ijdens com) (2 replies)

Re: SSH attacks? Jul 30 2004 12:38AM
Jay D. Dyson (jdyson treachery net) (2 replies)

Re: SSH attacks? Jul 31 2004 12:06AM
mgotts 2roads com

Re: SSH attacks? Jul 31 2004 12:05AM
Frank Knobbe (frank knobbe us)

Re: SSH attacks? Jul 29 2004 10:12AM
Christine Kronberg (Christine_Kronberg genua de) (2 replies)

Re: SSH attacks? Jul 30 2004 01:26AM
Frank Knobbe (frank knobbe us)

Re: SSH attacks? Jul 29 2004 10:44AM
Pieter-Bas IJdens (pieter-bas ijdens com)

Re: SSH attacks? Jul 27 2004 07:21PM
Tom Laermans (tom laermans powersource cx)

Re: SSH attacks? Jul 27 2004 07:17PM
Chris Brown (chris wavetex com)

Re: SSH attacks? Jul 27 2004 06:24PM
Jason Falciola (falciola us ibm com)

Re: SSH attacks? Jul 27 2004 06:15PM
Paul Schmehl (pauls utdallas edu) (1 replies)

--On Tuesday, July 27, 2004 10:59:07 AM +1200 Robin <robin (at) kallisti.net (dot) nz [email concealed]>
wrote:
>
> While looking through the logs after someone ran over my system with
> Nessus, I noticed some odd ones from sshd (that don't seem to be related
> to the nessus scan):
> Jul 27 03:12:25 kallisti sshd[16471]: error: Could not get shadow
> information for NOUSER
>
> Does anyone know why this would appear all of a sudden?

Yes. These are compromised hosts that are being used to probe for
vulnerable versions of sshd. The login is irrelevant. The banner tells
they what they need to know.

You're not alone. We're seeing them regularly. And reporting them.

Paul Schmehl (pauls (at) utdallas (dot) edu [email concealed])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

[ reply ]

Re: SSH attacks? Jul 30 2004 06:37PM
George Georgalis (george galis org)

Re: SSH attacks? Jul 27 2004 06:06PM
Josh Tolley (josh raintreeinc com)

Re: SSH attacks? Jul 27 2004 06:00PM
Tobias Rice (rice up edu) (1 replies)

Re: SSH attacks? Jul 28 2004 03:43AM
Chris Brenton (cbrenton chrisbrenton org)