[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Automated SSH login attempts?

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-Disclosure] Automated SSH login attempts?
From: Jan Muenther <jan.muenther@xxxxxxxxx>
Date: Sat, 31 Jul 2004 20:42:33 +0200

Hey Valdis,

> It's more likely that there's one version, making noise and very rarely 
> finding
> a box with stupid passwords.  It's possible there's another rare version that
> tries several stupid passwords and a few old SSH vulnerabilities.  Is there
> *any* reliable evidence (even a single box) that appears to have been nailed 
> by
> a new exploit?

Hm, as of this frauder binary, I have my strong doubts... looked at it, and 
it's a plain brute forcer / banner grabber which is statically linked against
SSH-2.0-libssh-0.1. No magic visible, at least not in the given timeframe, and 
my gut feeling is that that's it. 

> 
> I'll gladly change my mind, but it will take somebody actually finding a
> box running a *recent* SSH and had guest/test/and_so_on properly secured,
> and the attack *still* got in....

I assume in the aforementioned takeovers other factors were involved. 

Cheers, J.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing
Next by Date: Re: [Full-Disclosure] Automated SSH login attempts?
Previous by thread: [Full-Disclosure] Re: Mozilla Firefox Certificate Spoofing
Next by thread: Re: [Full-Disclosure] Automated SSH login attempts?
Index(es):
- Date
- Thread