[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Automated SSH login attempts?

To: Jay Libove <libove@xxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Automated SSH login attempts?
From: Paul Schmehl <pauls@xxxxxxxxxxxx>
Date: Sun, 25 Jul 2004 20:49:41 -0500

--On Thursday, July 22, 2004 10:47 AM -0400 Jay Libove <libove@xxxxxxxxxxx> wrote:

Here are some log entries from my system:

Jul 15 10:01:34 panther6 sshd[8267]: Illegal user test from 62.67.45.4
Jul 15 10:01:34 panther6 sshd[8267]: Failed password for illegal user

We've been seeing these as well, and in every case we've notified the owners, they have mailed us back to let us know that the host had been rooted.

You would be doing the owners a big favor by notifying them that their host is probably compromised.

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [VulnDiscuss] Re: [Full-Disclosure] Automated SSH login attempts?
  - From: RBabb

References:
- [Full-Disclosure] Automated SSH login attempts?
  - From: Jay Libove

Prev by Date: RE: [ok] [Full-Disclosure] Possible Virus/Trojan
Next by Date: Re: [Full-Disclosure] Automated SSH login attempts?
Previous by thread: Re: [Full-Disclosure] Automated SSH login attempts?
Next by thread: Re: [VulnDiscuss] Re: [Full-Disclosure] Automated SSH login attempts?
Index(es):
- Date
- Thread