[Tfug] Anybody here(sic) of a new SSH vulnerability?
Choprboy
choprboy at dakotacom.net
Wed Jul 28 12:24:41 MST 2004
On Wednesday 28 July 2004 12:03, Brian Murphy wrote:
> You're most likely seeing probing done by a botnet looking for infected
> hosts. There are several old attack vectors for linux systems that not
> everyone has patched. (i.e. mremap for kernel[1])
>
Well, as I said a couple days ago... I figure these are probably
trojaned/birus infected machines that are scanning large blocks for SSH
enabled machines with default accounts/passwords.
All of the attempts have been a SSH login as admin/root/guest/etc. with no
password or (what I guess is) a default password. I normally (for the past 6
months) see a couple attempts a week of this type of activity... For the last
2 weeks now I have seen it 2-5 times per day against each of half a dozen
servers across the country...
That's why I had asked, I was wondering if it was some lastest version of a
Winblows virus or something that was mass-scanning... And yes I know my
spelling sucks... happens when your a fat-fingered dyslexic.
Adrian
More information about the tfug
mailing list