Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Automated SSH login attempts?
From: Valdis.Kletnieks () vt edu
Date: Fri, 30 Jul 2004 14:39:40 -0400

On Fri, 30 Jul 2004 09:39:55 EDT, "Neal O'Creat" said:
Could it be possible that there are different versions of this, one 
making noise and one much rarer one with an exploit?

It's more likely that there's one version, making noise and very rarely finding
a box with stupid passwords.  It's possible there's another rare version that
tries several stupid passwords and a few old SSH vulnerabilities.  Is there
*any* reliable evidence (even a single box) that appears to have been nailed by
a new exploit?

I'll gladly change my mind, but it will take somebody actually finding a
box running a *recent* SSH and had guest/test/and_so_on properly secured,
and the attack *still* got in....

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]