Security Incidents mailing list archives
Re: SSH scans...
From: Raymond Lillard <rlillard () sonic net>
Date: Mon, 20 Dec 2004 10:45:55 -0800
Dejan Markovic wrote:
Hi Guys, Don't know whether this is the right list, but need to ask if others have the same entries in their logs for the past number of months. Let me take a step back, I maintain a number of networks on different IP ranges and they are all being probed by what looks like a tool, or maybe it is the same group/script. The originating computers range from open proxies to owned boxes and there are two distinct patterns I've seen so far. The following scan is a recent example where the root/password from x.x.x.x: 59 Time(s) caught my attention the first time a while back, and still getting the same scans on a daily basis: account/password from 210.245.168.28: 1 Time(s) adam/password from 210.245.168.28: 1 Time(s)
snippage ........ Everybody is getting hit with this non-sense and anybody who administrates a network that is compromised by it should be banned from computer administration. This should fail for at least these reasons: 1. "ssh" should be configured to prohibit root logins 2. All machines should be configured to prohibit direct root logins except on the physical console 3. Proper attention to passwords If the above is in order, you are in no danger. Ray PS I'm curious, has anybody heard of these scans compromising a machine, ever?
Current thread:
- Re: SSH scans..., (continued)
- Re: SSH scans... Harald Nesland (Dec 20)
- RE: SSH scans... another possible solution Ron Moore (Dec 20)
- Re: SSH scans... Dejan Markovic (Dec 20)
- Re: SSH scans... Barrie Dempster (Dec 20)
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: [incidents] SSH scans... Tim Kennedy (Dec 20)
- Message not available
- Re: SSH scans... Harald Nesland (Dec 20)
- Re: SSH scans... Keith Morgan (Dec 20)
- Re: SSH scans... Gerry Dalton (Dec 20)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... skippy1 (Dec 21)
- Re: SSH scans... Peter Willis (Dec 20)
- Re: SSH scans... Raymond Lillard (Dec 20)
- Re: SSH scans... Ben Nelson (Dec 20)
- Re: SSH scans... Steve Kemp (Dec 20)
- RE: SSH scans... KEM Hosting (Dec 21)
- Re: SSH scans... Michael H. Warfield (Dec 21)
- Re: SSH scans... nixsec (Dec 22)
- Re: SSH scans... Dejan Markovic (Dec 22)
- re: SSH scans... brian () ethernet org (Dec 21)
- re: SSH scans... Kerry Thompson (Dec 22)