[Intrusions] Re: FYI - SSH bruteforcing

Karl A. Krueger kkrueger at whoi.edu
Fri Dec 3 15:32:48 GMT 2004


Andrew Daviel wrote:
> Date: Fri, 3 Dec 2004 00:48:26 -0800 (PST)
> 
> Recently we had a brute-force attempt to guess SSH passwords from a
> machine in taiwan 203.95.227.177 (www.shark-tw.net)
> 
> The process identifies itself as SSH-2.0-libssh-0.1 and tries to guess
> passwords for the users root,admin, test and guest.
> 
> We had an earlier run-in with this kind of thing - the password guessed
> for guest is guest I think .. hey, that rhymes .. :-)

We've been seeing this for months now, on the same account names:  root,
admin, guest, and test.  The attacks mostly seem to be coming from China
and India, though we've seen some from (compromised?) systems on U.S.
consumer ISPs.

-- 
Karl A. Krueger <kkrueger at whoi.edu>
Network Security -- Linux/Unix Systems Support -- Etc.
Woods Hole Oceanographic Institution




More information about the Intrusions mailing list