Security Incidents mailing list archives
Re: Faking authloop for illegal user suzanne from 202.144.239.147 port 101{3,2}
From: Bob Rentschler <rentscb () WES ARMY MIL>
Date: Thu, 15 Feb 2001 13:03:13 -0600
On Thu, 15 Feb 2001, Wendell Craig Baker wrote: That is ssh faking a login so that valid usernames cannont be determined by trying random names and seeinf different behavior for valid vs non valid users. Basicly sshd knows its a bad user so it presents a phoney password prompt after the login has already failed due to the bad username. Bob
Does anyone have any folklore on a contact that looks like this? Just the two contacts: Jan 29 12:18:54 sploosh sshd[2817]: Faking authloop for illegal user suzanne from 202.144.239.147 port 1013 Jan 29 12:19:02 sploosh sshd[2817]: Connection closed by 202.144.239.147 Jan 29 12:19:11 sploosh sshd[2818]: Faking authloop for illegal user suzanne from 202.144.239.147 port 1012 Jan 29 12:19:15 sploosh sshd[2818]: Connection closed by 202.144.239.147 -- Wendell Craig Baker 415 699 9567 wbaker () baker com
Current thread:
- Faking authloop for illegal user suzanne from 202.144.239.147 port 101{3,2} Wendell Craig Baker (Feb 15)
- Re: Faking authloop for illegal user suzanne from 202.144.239.147 port 101{3,2} Bob Rentschler (Feb 15)