[geeks] ssh attacks
Thomas Gallaway
rescue at port11.net
Wed Aug 11 12:58:51 CDT 2004
Ross Lonstein wrote:
>On Wed, Aug 11, 2004 at 11:47:29AM -0400, Kevin wrote:
>
>
>>Lately, i've been getting several ssh login attempts to accounts
>>user, admin and test. Mostly from European and Asian countries.
>>
>>Is there some type of automated worm out there trying to exploit
>>an ssh vulnerability?
>>
>>Anyone else getting this crap?
>>
>>
> [snip]
>
>I started seeing it around June 12th. Annoying.
>
>
I have a box sitting next to me.
FreeBSD 4.10 connected to a public IP. Once I am done configuring it, it
will on successfull default login (using the defaults they use on the
probes) send me an email and also monitor everything that happens to the
box.
I will be using ttysnoop to mirror all the data on the tty's to a serial
console connected to a 2nd box that is not connected to the network and
just logs the data coming from the serial ports.
The other serial port will dump auth.log. And if I can find a 3rd serial
cable it will dump messages.
Anybody want to throw in usefull input?
More information about the geeks
mailing list