Open Source and information security mailing list archives
 
Message-ID: <20040731184233.GD499@localghost.muenther.de>
From: jan.muenther at nruns.com (Jan Muenther)
Subject: Automated SSH login attempts?

Hey Valdis,

> It's more likely that there's one version, making noise and very rarely finding
> a box with stupid passwords.  It's possible there's another rare version that
> tries several stupid passwords and a few old SSH vulnerabilities.  Is there
> *any* reliable evidence (even a single box) that appears to have been nailed by
> a new exploit?

Hm, as of this frauder binary, I have my strong doubts... looked at it, and 
it's a plain brute forcer / banner grabber which is statically linked against
SSH-2.0-libssh-0.1. No magic visible, at least not in the given timeframe, and 
my gut feeling is that that's it. 

> 
> I'll gladly change my mind, but it will take somebody actually finding a
> box running a *recent* SSH and had guest/test/and_so_on properly secured,
> and the attack *still* got in....

I assume in the aforementioned takeovers other factors were involved. 

Cheers, J.


