Mailinglist Archive: opensuse-security (332 mails)

< Previous Next >
Re: [suse-security] SSH password attacks
Try to protect your ssh with tcp wrappers.


----- Original Message -----
From: "dadirtyluk" <news4dadirtyluk@xxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Monday, September 20, 2004 7:10 PM
Subject: AW: [suse-security] SSH password attacks


> yo,
>
> i've seen these login attempts on two of my machines, too!
>
> don't know where that comes from, but sometimes in the night i could see
> plenty pages of denied login attempts.
>
> a few weeks ago that stopped, but i didn't do anything to avoid these
> attempts...silly thing, since it were the same users as for you and some
> more different users, but none of them existed locally!
>
> but it sucked quite a bit to see these log entries over and over again!
>
> regards luk
>
>
> -----Ursprüngliche Nachricht-----
> Von: suse@xxxxxx [mailto:suse@xxxxxx]
> Gesendet: Montag, 20. September 2004 17:40
> An: suse-security@xxxxxxxx
> Betreff: [suse-security] SSH password attacks
>
>
> This may not be strictly SuSE related, but what the heck: Lately, I've
been
> getting tons of attempts to login via ssh for "guest", "test", "user", and
> "admin". Plenty others for root, and even one that seemed to have been a
> list
> of some script kiddie's /etc/passwd. The root ones are pretty obvious and
> always blocked, but I've found the others rather curious.
>
> Does anyone running a unix server really use "guest", "test", "user", or
> "admin"
> as real accounts? Judging by the volume of attempts I'm getting, there
has
> to
> be something causing this. Was a borked version of ssh server released
for
> windows, or something? Or is this trying to connect to zombie machines?
> From
> what I understand, ssh server isn't common on windows, and those accounts
> certainly aren't common to unix... Anyone know what's going on here?
>
> (I'm not worried about my machines, root is blocked by sshd and I don't
have
> the
> other accounts, I'm just curious.)
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>



< Previous Next >
References