SecurityFocus

SSH attacks? Jul 26 2004 10:59PM
Robin (robin kallisti net nz) (10 replies)

Re: SSH attacks? Jul 29 2004 10:31AM
David Block (dave yucc yorku ca)

Re: SSH attacks? Jul 28 2004 04:33AM
brandy (brandy klammeraffe org) (2 replies)

Re: SSH attacks? Jul 29 2004 12:22AM
Andrew J Caines (A J Caines halplant com) (3 replies)

Re: SSH attacks? Jul 29 2004 10:12PM
Brian C. Lane (bcl brianlane com)

RE: SSH attacks? Jul 29 2004 06:32PM
Herman Frederick Ebeling Jr. (hfebelingjr lycos com)

Re: SSH attacks? Jul 29 2004 05:22PM
Marcus Merrin (marcus merrin emptyair com) (1 replies)

Re: SSH attacks? Jul 30 2004 12:58AM
Robin (robin kallisti net nz)

Re: SSH attacks? Jul 29 2004 12:18AM
Mike Whitley (mwhitley borg proceon com)

Re: SSH attacks? Jul 27 2004 09:12PM
buzz (reitenba fh-brandenburg de) (2 replies)

Re: SSH attacks? Jul 28 2004 07:05PM
Jyri Hovila (jyri hovila iki fi) (4 replies)

Re: SSH attacks? Jul 30 2004 05:40AM
Thomas Hochstein (ml ancalagon inka de)

Re: SSH attacks? Jul 29 2004 07:03PM
Chris Brenton (cbrenton chrisbrenton org)

Re: SSH attacks? Jul 29 2004 05:03PM
Matt Beland (matt rearviewmirror org)

Re: SSH attacks? Jul 29 2004 05:02PM
Valdis Kletnieks vt edu

Re: SSH attacks? Jul 28 2004 06:42PM
Jyri Hovila (jyri hovila iki fi)

Re: SSH attacks? Jul 27 2004 08:46PM
Adam Young (adam vbfx com) (1 replies)

Re: SSH attacks? Jul 28 2004 08:19AM
Christine Kronberg (Christine_Kronberg genua de) (3 replies)

Re: SSH attacks? Jul 29 2004 04:53PM
Steve Schuster (sjs74 cornell edu)

Re: SSH attacks? Jul 29 2004 04:05PM
Merlijn Tishauser (merlijn begeleidingentraining nl)

<oeps, my repy was to original sender only>
On 28-jul-04, at 10:19, Christine Kronberg wrote:
> Has anyone tried to capture that with an honeypot? I'm considering
> that for my own but lack the proper enviroment.
>

Hi
Located in Holland I see exactly the same...
Apart from the usual SK toolkits with a lot of account-names, I also
see the test/guest accounts coming by.

The ipaddresses are too random and the scan happens to often for SK
work me thinks.
Looks like a worm or root-kit.
What surprises me is that they don't try a password.
They just knock at the door and say hello with their username.
So I think it's certainly a version-check.

But I agree with the above...This calls for a honeypot...I hope someone
has the time and motivation to set one up...
For sofar I know this thing hasn't got a name yet...
I don't like things without a name

Cheers

Merlijn

[ reply ]

Re: SSH attacks? Jul 29 2004 09:21AM
Pieter-Bas IJdens (pieter-bas ijdens com) (2 replies)

Re: SSH attacks? Jul 30 2004 12:38AM
Jay D. Dyson (jdyson treachery net) (2 replies)

Re: SSH attacks? Jul 31 2004 12:06AM
mgotts 2roads com

Re: SSH attacks? Jul 31 2004 12:05AM
Frank Knobbe (frank knobbe us)

Re: SSH attacks? Jul 29 2004 10:12AM
Christine Kronberg (Christine_Kronberg genua de) (2 replies)

Re: SSH attacks? Jul 30 2004 01:26AM
Frank Knobbe (frank knobbe us)

Re: SSH attacks? Jul 29 2004 10:44AM
Pieter-Bas IJdens (pieter-bas ijdens com)

Re: SSH attacks? Jul 27 2004 07:21PM
Tom Laermans (tom laermans powersource cx)

Re: SSH attacks? Jul 27 2004 07:17PM
Chris Brown (chris wavetex com)

Re: SSH attacks? Jul 27 2004 06:24PM
Jason Falciola (falciola us ibm com)

Re: SSH attacks? Jul 27 2004 06:15PM
Paul Schmehl (pauls utdallas edu) (1 replies)

Re: SSH attacks? Jul 30 2004 06:37PM
George Georgalis (george galis org)

Re: SSH attacks? Jul 27 2004 06:06PM
Josh Tolley (josh raintreeinc com)

Re: SSH attacks? Jul 27 2004 06:00PM
Tobias Rice (rice up edu) (1 replies)

Re: SSH attacks? Jul 28 2004 03:43AM
Chris Brenton (cbrenton chrisbrenton org)