Security Incidents mailing list archives
Re: SSH bruteforce on its way...
From: Michael Lang <Michael.Lang () jackal-net at>
Date: Wed, 26 Oct 2005 10:17:53 +0200
On Wed, 2005-10-26 at 08:29 +0200, Lionel Ferette wrote:
Hello Michael,
Hello Lionel,
In the wise words of Michael.Lang () jackal-net at, on Tuesday 25 October 2005 09:29: [SNIP]I've put the session data on a website (http://www.jackal-net.at/tiki-read_article.php?articleId=20) where you can see what i've setup and what the guys where doing. (currently only one session is online but i'm sure, others will follow :) ... )Just had a look at that page, and I would recommend against using ethereal to capture traffic: there are too many vulnerabilities in ethereal's decoders (a few have been disclosed last week) to allow that program to run unattended as root (needed to capture traffic). Instead, I always recommend to use tcpdump: tcpdump -s 1500 -w traffic.trace port 22 (in your case you're only interested in ssh traffic, aren't you? otherwise, just skip the 'port 22' part). Then, *as a normal user*, open the trace file with ethereal if you don't like tcpdump's output of tcpdump -s 1500 -r traffic.trace -X
i´m running ethereal on a Host *outside* of the Machine which runs Fedora Core4 Ethereal version ethereal-0.10.13-1.FC4.2 which should be aware of all currently known issues. thanks anyway Kind regards Michael Lang
Regards, Lionel
-- Michael Lang <Michael.Lang () jackal-net at>
Current thread:
- Re: SSH bruteforce on its way..., (continued)
- Re: SSH bruteforce on its way... Daniel Cid (Oct 26)
- Re: SSH bruteforce on its way... Valdis . Kletnieks (Oct 25)
- Re: SSH bruteforce on its way... Michael . Lang (Oct 25)
- Re: SSH bruteforce on its way... Javier Fernandez-Sanguino (Oct 26)
- Re: SSH bruteforce on its way... Volker Tanger (Oct 26)
- SNMP worm? David Gillett (Oct 26)
- Re: SNMP worm? Mark Ryan del Moral Talabis (Oct 26)
- RE: SNMP worm? David Gutierrez (Oct 26)
- Re: SSH bruteforce on its way... Christine Kronberg (Oct 31)
- Re: SSH bruteforce on its way... Javier Fernandez-Sanguino (Oct 26)
- Re: SSH bruteforce on its way... Lionel Ferette (Oct 26)
- Re: SSH bruteforce on its way... Michael Lang (Oct 26)
- Re: SSH bruteforce on its way... Bryan Hatter (Oct 26)