[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [suse-security] SSH password attacks



yo,

i've seen these login attempts on two of my machines, too!

don't know where that comes from, but sometimes in the night i could see
plenty pages of denied login attempts.

a few weeks ago that stopped, but i didn't do anything to avoid these
attempts...silly thing, since it were the same users as for you and some
more different users, but none of them existed locally!

but it sucked quite a bit to see these log entries over and over again!

regards luk


-----Ursprüngliche Nachricht-----
Von: suse@xxxxxx [mailto:suse@xxxxxx]
Gesendet: Montag, 20. September 2004 17:40
An: suse-security@xxxxxxxx
Betreff: [suse-security] SSH password attacks


This may not be strictly SuSE related, but what the heck: Lately, I've been
getting tons of attempts to login via ssh for "guest", "test", "user", and
"admin".  Plenty others for root, and even one that seemed to have been a
list
of some script kiddie's /etc/passwd.  The root ones are pretty obvious and
always blocked, but I've found the others rather curious.

Does anyone running a unix server really use "guest", "test", "user", or
"admin"
as real accounts?  Judging by the volume of attempts I'm getting, there has
to
be something causing this.  Was a borked version of ssh server released for
windows, or something?  Or is this trying to connect to zombie machines?
From
what I understand, ssh server isn't common on windows, and those accounts
certainly aren't common to unix...  Anyone know what's going on here?

(I'm not worried about my machines, root is blocked by sshd and I don't have
the
other accounts, I'm just curious.)

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here