We have been noticing flurries of sshd reject messages in which some system out there in the hinterlands hits us with a flood of ssh login attempts. An example:
Apr 6 05:41:51 dc sshd[88763]: Did not receive identification string from 67.19.58.170 Apr 6 05:49:42 dc sshd[12389]: input_userauth_request: illegal user anonymous Other than spewing lots of entries in to syslog, what is the purpose of the attack? Are they just hoping to luck in to an open account? The odds of guessing the right account name and then guessing the correct password are astronomical to say the least.
Actually, sadly the odds are far too good given the cost to run such a script. Unless you force users to use GOOD passwords, they will use dumb ones.... Think Paris Hilton recently. The cost to let a script like that go in the background and pound away at hosts that have open ssh access is zilch. If you have ftpd running anywhere, you will see similar attempts
---Mike
_______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
