on Wed, Apr 25, 2001 at 11:14:32AM -0700, brian moore (bem@cmc.net) wrote: > On Wed, Apr 25, 2001 at 01:03:28PM -0500, hanasaki wrote: > > The below turned up in my syslog the other day... Can someone please > > explain it? > > > > TIA > > > > Apr 25 00:45:00 portal sshd[23291]: Faking authloop for illegal user > > administrator from 4.60 ... > > It means that someone tried to ssh in with the username of > 'administrator' and sshd faked the authorization to not divulge that the > username was not valid. (ie, it pretended the username/password pair > was invalid, not that the username itself was). Note that 'administrator' is the default WinNT admin account. Anyone seeing such probes -- are there known SSH vulnerabilities with NT? -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Attachment:
pgpfaN9o_A3JB.pgp
Description: PGP signature