Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: SSH probes?
From: iglope <iglope () ifrance com>
Date: Wed, 12 May 2004 09:03:57 +0100
Hi  Devdas


I got about 61 of these in my logs before I turned sshd off. This looks
like a brute force attempt at getting a login.

May  9 21:35:03 evita sshd(pam_unix)[16332]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20  user=ftp

one time we have  : authentication failure;


May  9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown

Another we have :  check pass; user unknown
isn't a way to discover a valid user for next brute force session ?
may be u have to tune your ssh to send the same msg for valid and invalid user ? 




_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France


---------------------------------------------------------------------------
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]