Re: failed root login attempts

To: debian-security@lists.debian.org
Subject: Re: failed root login attempts
From: Romain Francoise <rfrancoise@debian.org>
Date: Sun, 19 Sep 2004 22:35:05 +0200
Message-id: <[🔎] 87u0tuc806.fsf@orebokech.com>
Mail-followup-to: debian-security@lists.debian.org
References: <[🔎] 20040919183057.GA22093@cirrus.madduck.net>

martin f krafft <madduck@madduck.net> writes:

> Are there any distinctive marks in the SSH login attempt that one
> could filter on?

Yes, the SSH banner: my honeyd logs show that of all such attempts, 63%
use the banner 'SSH-2.0-windrone2', 35% use the banner
'SSH-2.0-libssh-0.1'.

-- 
  ,''`.
 : :' :        Romain Francoise <rfrancoise@debian.org>
 `. `'         http://people.debian.org/~rfrancoise/
   `-

Reply to:

References:
- failed root login attempts
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: failed root login attempts
Next by Date: Re: failed root login attempts
Previous by thread: Re: failed root login attempts
Next by thread: Re: failed root login attempts
Index(es):
- Date
- Thread