On Thursday 02 December 2004 12:10, Kai Pfeiffer wrote:
Hello list,
in my logs I found the appended entries. My question is, what is the intention of this guy. I don't understand, why he uses a few loginnames many times and others only one time. There is no account on my box which matches to one of the tested loginnames.
Another thing. I get this userlist (exactly the same names in the same order) from many different IPs.
You're cetainly not alone... http://www.google.com/search?q=patrick+rolo+cyrus+pamela Whjat are they trying to acheive? http://lists.virus.org/dshield-0410/msg00135.html Heh. Might be fun to find out one of the passwords being used and make a wee little honeypot for them to play with. Then once they've gained illegal entry, downloaded your (fake) passwd file and installed all sorts of dodgy services you can give them a bad time. Yes, I know the US Fed people won't chase anyone unless a certain amount of damage has been done, but if you're in the same state? Maybe other countries play by different rules? At any rate, if they can be tracked you can always inform their parents / ISP / employer / college if you think they're likely to care (hint: don't bother if from Asia/E.Europe) As an aside, do you need to allow global access to port 22? Tom.