Wireshark mailing list archives

Re: Very strange SSH probe


From: Martin Visser <martinvisser99 () gmail com>
Date: Tue, 13 Jul 2010 10:14:23 +1000

This would seem to be just a variant of a common-variety kiddie-script.
Everyone that has an ssh server on the net will be seeing attempts to login.
Usually there is a whole lot of common user names being attempted. This
could be a new botnet being tested out if the source IPs are genuine
(not being spoofed). Provided you are either using non-guessable passwords
(or what you should be using is using SSH keys rather than passwords) then
there is not much to worry about.

Regards, Martin

MartinVisser99 () gmail com


On Mon, Jul 12, 2010 at 11:51 PM, Michael Glenn <MGlenn () cco state oh us> wrote:

Anyone else seeing this?

Every five to six minutes, my Linux boxes are seeing a single connection
attempt via SSH. What makes this unusual is that the user ID is always
'test1' and the source IPs are all over the map; I don't think I've seen the
same IP address twice yet.

Interesting, yes?

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
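
A per-source failure counter never fires on the pattern described in this thread, because each address connects only once; grouping failed logins by username does. The following is an added example, not part of either poster's message: the log lines are constructed (documentation-range addresses), and the sshd "Invalid user ... from ..." line format, the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sshd log lines for illustration; not data from the thread.
SAMPLE_LOG = """\
Jul 12 09:00:03 host sshd[2101]: Invalid user test1 from 192.0.2.10
Jul 12 09:05:41 host sshd[2117]: Invalid user test1 from 198.51.100.23
Jul 12 09:11:09 host sshd[2130]: Invalid user test1 from 203.0.113.77
Jul 12 09:16:30 host sshd[2144]: Invalid user test1 from 192.0.2.200
Jul 12 09:17:02 host sshd[2150]: Invalid user admin from 198.51.100.9
Jul 12 09:17:04 host sshd[2151]: Invalid user admin from 198.51.100.9
Jul 12 09:17:06 host sshd[2152]: Invalid user admin from 198.51.100.9
"""

# Assumed line format: classic syslog prefix plus sshd's "Invalid user" message.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user (\S+) from (\S+)")

def parse(log_text, year=2010):
    """Yield (timestamp, user, source_ip) for each 'Invalid user' line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def distributed_probes(log_text, min_sources=3):
    """Usernames tried from >= min_sources addresses with no address reused."""
    by_user = defaultdict(list)
    for ts, user, ip in parse(log_text):
        by_user[user].append((ts, ip))
    findings = {}
    for user, events in by_user.items():
        ips = [ip for _, ip in events]
        if len(set(ips)) >= min_sources and len(set(ips)) == len(ips):
            times = sorted(ts for ts, _ in events)
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            findings[user] = {"sources": len(ips),
                              "median_gap_s": median(gaps) if gaps else None}
    return findings

def per_ip_offenders(log_text, threshold=3):
    """Classic per-source counter, shown for comparison."""
    counts = defaultdict(int)
    for _, _, ip in parse(log_text):
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= threshold}
```

On the constructed sample, `per_ip_offenders` reports only the address hammering `admin`, while `distributed_probes` reports `test1` with four sources roughly five and a half minutes apart.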
