Security Basics mailing list archives
Re: SSH Scans
From: "Rodrigo Fernandez" <rod.rio () gmail com>
Date: Fri, 17 Mar 2006 20:10:00 -0300
Hi, Nice work you did out there! Here in Brasil we do have researches like this too. There is a brasilian CSIRT called CAIS-RNP (www.rnp.br/cais) that cares for the RNP internetwork and has been studying SSH brute force attempts in Brasil for about a year. It is confirmed that high-speed automated brute-force tools are running in brasilian hosts, specially in Universities, where security area is not well implemented. Those hosts become potential victims because of the good equipment, long uptime records and low-level security policies. CAIS discovered that Japanese words are being used, and modifying a SSH Server, they disclosed the passwords, revealing also new behaviours of those automated tools. Dictionaries words are no longer the danger of "root","admin" and "guest" accounts... Attackers are now trying passwords intelligently built. Passwords like "1q2w3e" and "qwerty" are also been used. But curiously CAPS letters still not being used. Att. Rodrigo Fernandez On 3/16/06, Michel Pereira <michel () michel eti br> wrote:
After of seeing a lot of ssh scans on my firewalls and home PC, I made a script that filters out the "Invalid User" entry inside /var/log/messages and do some cleaning process, the result is a dictionary (homebrew) of users that tried to login into my hosts. Into the dictionary I saw english and Brazilian Portuguese words, maybe we have Brazilian hackers running scan bots too. This work is only for experiment and curiosity to see what is happening with Internet today, you can get the script and dictionary in http://www.michel.eti.br/2006/03/ssh-scans.html If you have a better idea of sugestion, please mail me: "michel () michel eti br" Bye -- Só Jesus salva,o homem faz backups. http://www.michel.eti.br --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
-- Rodrigo M. T. Fernandez Departamento de Ciência da Computação UFRJ Grupo de Respostas a Incidentes de Segurança - GRIS UFRJ www.dcc.ufrj.br | www.gris.dcc.ufrj.br --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- SSH Scans Michel Pereira (Mar 17)
- Re: SSH Scans Rodrigo Fernandez (Mar 20)
- Re: SSH Scans Ayaz Ahmed Khan (Mar 20)
- <Possible follow-ups>
- RE: SSH Scans Bergert, David (Mar 20)