[Intrusions] Re: FYI - SSH bruteforcing
Karl A. Krueger
kkrueger at whoi.edu
Fri Dec 3 15:32:48 GMT 2004
Andrew Daviel wrote:
> Date: Fri, 3 Dec 2004 00:48:26 -0800 (PST)
>
> Recently we had a brute-force attempt to guess SSH passwords from a
> machine in taiwan 203.95.227.177 (www.shark-tw.net)
>
> The process identifies itself as SSH-2.0-libssh-0.1 and tries to guess
> passwords for the users root,admin, test and guest.
>
> We had an earlier run-in with this kind of thing - the password guessed
> for guest is guest I think .. hey, that rhymes .. :-)
We've been seeing this for months now, on the same account names: root,
admin, guest, and test. The attacks mostly seem to be coming from China
and India, though we've seen some from (compromised?) systems on U.S.
consumer ISPs.
--
Karl A. Krueger <kkrueger at whoi.edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution
More information about the Intrusions
mailing list