|
Security Incidents
mailing list archives
ssh scans using username 'test' or 'oracle'?
From: Matt Zimmerman <mdz () csh rit edu>
Date: Thu, 2 May 2002 11:14:01 -0400
I have seen this twice now on two geographically, topologically and
administratively different systems. The probe was slightly different, but
close enough to attract my attention.
May 1 14:08:15 box1 sshd[11762]: Failed none for illegal user test from 211.4.205.72 port 46827 ssh2
May 1 14:08:15 box1 sshd[11763]: Failed none for illegal user oracle from 211.4.205.72 port 46828 ssh2
May 1 23:04:37 box2 sshd[27428]: Failed password for illegal user test from 202.8.228.198 port 4338
Has anyone else seen probes of this sort recently?
--
- mdz
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- ssh scans using username 'test' or 'oracle'? Matt Zimmerman (May 02)
|
Intro
