[lug] Attacks Intensifying

Nick Golder nrg at nirgo.net
Thu Oct 28 08:41:50 MDT 2004


On 2004-10-28 07:52 -0600, Bill Thoen wrote:
> I've been noticing ever more concerted attacks via ssh lately. The last 
> two last night were from karp.ece.cmu.edu: 34 times, and 206.166.198.131: 
> 107 times. They try user names like nobody, user, rolo, etc., and more 
> disturbingly, root. So far they haven't succeeded.
> 
> But I was wondering... Is there any way to see what passwords these
> scripted attacks are trying? My messages and secure logs don't show it.  
> I'm just curious to see how close they might be getting.
> 

If I remember correctly, they try a standard dictionary style attack of
common strings for passwords.  However, it shouldn't matter how close
they actually do get.  All the user accounts that are listed shouldn't
have (by good practices at least) logins via ssh.

-- 
-Nick Golder



More information about the LUG mailing list