
[suse-security] Re:[suse-security] SSH password attacks



Hi all,

I am, of course, seeing the same thing. I wonder if it might be because of SuSE now being owned by Novell. Admin is a typical Novell server user account. Maybe someone is trying the attacks against the SuSE servers that they were using for Novell servers.

Just a thought.

Dustin





Hi,
It's the same for me:

...
Sep 13 14:53:25 tempi sshd[7383]: Failed password for invalid user test from 220.73.215.151 port 52864 ssh2
Sep 13 14:53:28 tempi sshd[7385]: Failed password for invalid user guest from 220.73.215.151 port 52992 ssh2
Sep 13 14:53:30 tempi sshd[7387]: Failed password for admin from 220.73.215.151 port 53128 ssh2
Sep 13 14:53:33 tempi sshd[7393]: Failed password for admin from 220.73.215.151 port 53260 ssh2
Sep 13 14:53:36 tempi sshd[7396]: Failed password for invalid user user from 220.73.215.151 port 53392 ssh2
Sep 13 14:53:39 tempi sshd[7398]: Failed password for root from 220.73.215.151 port 53539 ssh2
Sep 13 14:53:41 tempi sshd[7400]: Failed password for root from 220.73.215.151 port 53678 ssh2
Sep 13 14:53:44 tempi sshd[7406]: Failed password for root from 220.73.215.151 port 53814 ssh2
Sep 13 14:53:47 tempi sshd[7408]: Failed password for invalid user test from 220.73.215.151 port 53948 ssh2
...

What I can do is block the addresses and read fewer logs :)


On Mon, 20 Sep 2004 11:40:23 -0400, suse wrote
> This may not be strictly SuSE related, but what the heck: Lately,
>  I've been getting tons of attempts to login via ssh for "guest",
>  "test", "user", and "admin".  Plenty others for root, and even one
> that seemed to have been a list of some script kiddie's /etc/passwd.
>  The root ones are pretty obvious and always blocked, but I've found
> the others rather curious.
>
> Does anyone running a unix server really use "guest", "test", "user",
>  or "admin" as real accounts?  Judging by the volume of attempts I'm
> getting, there has to be something causing this.  Was a borked
> version of ssh server released for windows, or something?  Or is
> this trying to connect to zombie machines?  From what I understand,
>  ssh server isn't common on windows, and those accounts certainly
> aren't common to unix...  Anyone know what's going on here?
>
> (I'm not worried about my machines, root is blocked by sshd and I
> don't have the other accounts, I'm just curious.)
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here


--
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER
--
STTS


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
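
Added example, not part of the original thread: a Python tally of sshd "Failed password" entries like those in the excerpt above, grouped per source address to pick out the ones worth blocking. Four sample entries are copied from the excerpt; the 192.0.2.10 entry, the thresholds and all function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Four entries from the excerpt, hard-wrapped as a mail client would; last one constructed.
SAMPLE = """\
Sep 13 14:53:25 tempi sshd[7383]: Failed password for invalid user test from
220.73.215.151 port 52864 ssh2
Sep 13 14:53:28 tempi sshd[7385]: Failed password for invalid user guest from
220.73.215.151 port 52992 ssh2
Sep 13 14:53:30 tempi sshd[7387]: Failed password for admin from
220.73.215.151 port 53128 ssh2
Sep 13 14:53:39 tempi sshd[7398]: Failed password for root from 220.73.215.151
port 53539 ssh2
Sep 13 14:55:02 tempi sshd[7410]: Failed password for alice from 192.0.2.10 port 40111 ssh2
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
                    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per source address: failure count, usernames tried, invalid-user count."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": 0})
    for entry in unwrap(text):
        m = FAILED.search(entry)
        if m:
            s = stats[m["ip"]]
            s["failures"] += 1
            s["users"].add(m["user"])
            s["invalid"] += bool(m["invalid"])  # account does not exist on this host
    return dict(stats)

def suspects(text, min_failures=5, min_users=3):
    """Sources that look like username guessing rather than one mistyped password."""
    return sorted(ip for ip, s in summarize(text).items()
                  if s["failures"] >= min_failures or len(s["users"]) >= min_users)

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

Counting distinct usernames per source separates a scanner cycling through "test", "guest", "admin" and "root" from a legitimate user who mistyped a password once.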