-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 6 Apr 2005 11:28:11 -0500, Dan Rue <[EMAIL PROTECTED]> wrote:
> In my experience, these are just script kiddies goofing around. The
> only useful thing to do is to report them to abuse@ their ISP - this can
> actually be effective in some cas
Martin McCormick wrote:
We have been noticing flurries of sshd reject messages in
which some system out there in the hinterlands hits us with a flood of
ssh login attempts. An example:
Other than spewing lots of entries in to syslog, what is the
purpose of the attack? Are they jus
On Wed, Apr 06, 2005 at 10:49:08AM -0500, Martin McCormick wrote:
> We have been noticing flurries of sshd reject messages in
> which some system out there in the hinterlands hits us with a flood of
> ssh login attempts. An example:
[snip]
If you search google, you'll see many recent simil
On Wed, Apr 06, 2005 at 10:49:08AM -0500, Martin McCormick wrote:
> We have been noticing flurries of sshd reject messages in
> which some system out there in the hinterlands hits us with a flood of
> ssh login attempts. An example:
>
> Apr 6 05:49:42 dc sshd[12406]: Failed password for il
On Mi, 6.04.2005, 17:57, Willem Jan Withagen sagte:
> I've build some swatch-rules that after two of these hits, I dump
> the host into ifpw-deny space.
>
Aye. I thought about writing a script, doing the same like yours, too.
Could you post this script somewhere, so that I could add some
functional
Luiz Eduardo Roncato Cordeiro writes:
>Probably, what you have seen is a force brute attack against your
>sshd. Unfortunately, this kind of attack still works.
My thanks to all who have responded. I am glad to know this
isn't more sinister than it appears to be. It did make me get
religi
At 11:49 AM 06/04/2005, Martin McCormick wrote:
We have been noticing flurries of sshd reject messages in
which some system out there in the hinterlands hits us with a flood of
ssh login attempts. An example:
Apr 6 05:41:51 dc sshd[88763]: Did not receive identification
string fro
Martin McCormick wrote:
Apr 6 05:49:42 dc sshd[12422]: input_userauth_request: illegal
user chuck
You get the idea. This goes on for 3 or 4 minutes and then
just stops for now. I can almost promise that later, another attack
will start from some other IP address and blaze away fo
Hi,
Probably, what you have seen is a force brute attack against your
sshd. Unfortunately, this kind of attack still works.
Regards,
Cordeiro
On Wednesday April 6 2005 12:49, Martin McCormick > wrote:
> We have been noticing flurries of sshd reject messages in
> which some system out ther
We have been noticing flurries of sshd reject messages in
which some system out there in the hinterlands hits us with a flood of
ssh login attempts. An example:
Apr 6 05:41:51 dc sshd[88763]: Did not receive identification
string from 67.19.58.170
Apr 6 05:49:42 dc sshd[12389]:
On Tue, Apr 05, 2005 at 10:14:16AM +0200, Uwe Doering wrote:
> I can't tell why 'ovp' was introduced in the first place. Might have
> historical reasons. But that's how the code currently works. In the
> MAIN branch as well, according to CVS. So I'd suggest to replace 'vp'
> with 'ovp' in th
11 matches
Mail list logo
