
Re: security



On Fri, 2005-01-28 at 09:46 +0000, michael wrote:
> I notice that frequently many machines around here get attacked by a
> potential hacker (a prog I guess) trying lots of usernames to get in to
> all the machines, using the same set of usernames at the same time. Have
> people seen this on their machines? I'm guessing it's a virus/worm on a
> Windows box doing this but does anybody know more? 
> 
> I've followed & done most of the suggestions listed in chpts 4 & 5 of
> "Securing Debian" HowTo/Manual although I will admit to not following
> and therefore not having got around to firewalling. Other suggestions
> most welcome.

I saw it the day this got posted.

http://isc.sans.org/diary.php?date=2004-07-23&isc=3108d1d0b49c343d27856adb8f061fa7

I can tell you this, many of the machines are not Windows Hosts. I
believe they are "rooted" *NIX machines, as I have seen multiple
attempts from the same hosts.

I have seen one machine doing one scan with a different name being used,
once a week. I believe this is the good ol' traditional Brute Force
using a newly written Binary.

Originally it started with the two users "test" and "guest", but lotsa
variants have popped up since then. Recently I had one machine do over
2000 iterations. I just laugh, the machine they are trying, well only
allows SSH from certain Hosts, all but one is behind the firewall with
the machine using NAT. The one lone machine updates my DNS for the IP
addr it is... sorta like DYNDNS client.

But enough, I'll tell you, the passwords they are trying are lame too.

-- 
greg, greg@gregfolkert.net

The technology that is
Stronger, better, faster:  Linux
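
The pattern described in this message (one source host cycling through a list of usernames such as "test" and "guest") can be spotted in sshd logs. The following is an added example, not part of the original message; the function names, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jan 28 03:10:01 box sshd[4101]: Illegal user test from 192.0.2.10
Jan 28 03:10:03 box sshd[4103]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Jan 28 03:10:05 box sshd[4105]: Illegal user guest from 192.0.2.10
Jan 28 03:10:07 box sshd[4107]: Failed password for illegal user guest from 192.0.2.10 port 40120 ssh2
Jan 28 03:10:09 box sshd[4109]: Invalid user admin from 192.0.2.10
Jan 28 03:10:11 box sshd[4111]: Failed password for root from 192.0.2.10 port 40131 ssh2
Jan 28 08:15:30 box sshd[5200]: Failed password for michael from 198.51.100.7 port 51514 ssh2
Jan 28 08:15:41 box sshd[5200]: Accepted password for michael from 198.51.100.7 port 51514 ssh2
"""

# Unknown accounts appear as "Illegal user" or "Invalid user" depending on sshd version.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")
UNKNOWN = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\S+)")

def summarize(log_text):
    """Per source address: failed-password count and the set of usernames tried."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        unknown = UNKNOWN.search(line)
        if failed:
            user, src = failed.groups()
            stats[src]["failures"] += 1
        elif unknown:
            user, src = unknown.groups()
        else:
            continue  # accepted logins and unrelated lines are ignored
        stats[src]["users"].add(user)
    return stats

def suspects(log_text, min_users=3):
    """Sources that tried at least min_users distinct usernames (threshold is an assumption)."""
    return sorted(s for s, v in summarize(log_text).items() if len(v["users"]) >= min_users)

if __name__ == "__main__":
    for src in suspects(SAMPLE_LOG):
        info = summarize(SAMPLE_LOG)[src]
        print(src, info["failures"], "failed passwords, users:", sorted(info["users"]))
```

Usernames in these log lines are supplied by the remote client, so treat the parsed source address as a hint and confirm it before acting on it.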
