Firewall Wizards mailing list archives

SSH brute force attack


From: "Toderick, Lee W" <TODERICKL () MAIL ECU EDU>
Date: Fri, 24 Jun 2005 13:17:17 -0400

Greetings!

Our computers running SSH daemons have logged attacks. The attacks begin
with a scan logged "Did not receive identification string from x.x.x.x",
followed approximately 15 minutes later with "Illegal user " or " Failed
password for root". 

Does anyone have information or documentation about this scan/attack?
Following is a list of Illegal users:
# cat secure.4 | grep "193.24.213.216" | cut -d " " -f6-12 | grep "Illegal" | cut -d " " -f 3
sun0s
reboot
reboot
flood
irc
key
david
htpd
httpd
jared42
cchen
admin
admin
admin
admin
test
test
test
test
test
test
test
admin
akcesbenefit
b3
njproghouse
schaiderhair
perseus
guardit
phpbb
bejgli
forums
temp
eric
staff
bb
maggie
rock
sandra
kim
recruit
alina
dana
bloodclansb
jeff

Thanks,
Lee Toderick
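
An added example, not part of the original post: a small Python correlator for the pattern described above, pairing each source's "Did not receive identification string" probe with its later "Illegal user" / "Failed password for root" lines and reporting the delay and the names tried. The log lines, host name and addresses are constructed, and the year is passed in because syslog timestamps omit it.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the /var/log/secure layout the post quotes (not real data).
SAMPLE_LOG = """\
Jun 24 03:10:01 host1 sshd[2101]: Did not receive identification string from 192.0.2.10
Jun 24 03:25:01 host1 sshd[2140]: Illegal user test from 192.0.2.10
Jun 24 03:25:03 host1 sshd[2140]: Failed password for illegal user test from 192.0.2.10 port 4321 ssh2
Jun 24 03:25:09 host1 sshd[2141]: Illegal user admin from 192.0.2.10
Jun 24 03:25:15 host1 sshd[2142]: Failed password for root from 192.0.2.10 port 4330 ssh2
Jun 24 03:25:21 host1 sshd[2143]: Illegal user test from 192.0.2.10
Jun 24 04:00:00 host1 sshd[2200]: Did not receive identification string from 198.51.100.7
Jun 24 09:12:44 host1 sshd[2300]: Failed password for root from 203.0.113.5 port 5022 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
SCAN = re.compile(r"Did not receive identification string from (?P<ip>\S+)")
# Anchored by match(), so "Failed password for illegal user ..." is not counted twice.
ILLEGAL = re.compile(r"Illegal user (?P<user>\S+) from (?P<ip>\S+)")
ROOT = re.compile(r"Failed password for root from (?P<ip>\S+)")

def summarize(log_text, year=2005):
    """Per source IP: whether it scanned first, scan-to-guess delay, names tried."""
    hosts = defaultdict(lambda: {"scan": None, "guess": None, "users": Counter(), "root": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        s, i, r = SCAN.match(m[2]), ILLEGAL.match(m[2]), ROOT.match(m[2])
        if not (s or i or r):
            continue
        h = hosts[(s or i or r)["ip"]]
        if s:
            h["scan"] = h["scan"] or when
        else:
            h["guess"] = h["guess"] or when
            if i:
                h["users"][i["user"]] += 1
            else:
                h["root"] += 1
    report = {}
    for ip, h in hosts.items():
        paired = h["scan"] and h["guess"] and h["guess"] >= h["scan"]
        delay = (h["guess"] - h["scan"]).total_seconds() / 60 if paired else None
        report[ip] = {"scanned": h["scan"] is not None, "delay_min": delay,
                      "users": dict(h["users"]), "root_failures": h["root"]}
    return report
```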
