[H-GEN] Blocking SSH exploits

David de Groot david-humbug at viking.org.au
Sun Aug 22 06:19:23 EDT 2004


On 22/08/2004, at 7:12 PM, Sarah Walters wrote:
> Of course we don't have SSH enabled for root under any circumstances, 
> but we do SSH home frequently so would not want to block external IPs 
> altogether. Has anyone seen a similar increase in such attempts, and 
> is there something out there that I should know about?
>

I'm not sure, but it looks automated... my radius logs show:

eric:~ # grep root /var/log/radius/radius.log
Mon Aug 16 20:02:07 2004 : Auth: Login incorrect: [root/password] (from nas local port 22319 cli 210.15.112.41)
Mon Aug 16 20:02:11 2004 : Auth: Login incorrect: [root/root] (from nas local port 22324 cli 210.15.112.41)
Mon Aug 16 20:02:15 2004 : Auth: Login incorrect: [root/123456] (from nas local port 22326 cli 210.15.112.41)
Mon Aug 16 22:10:57 2004 : Auth: Login incorrect: [root/password] (from nas local port 28448 cli 210.15.112.41)
Mon Aug 16 22:11:01 2004 : Auth: Login incorrect: [root/root] (from nas local port 28456 cli 210.15.112.41)
Mon Aug 16 22:11:05 2004 : Auth: Login incorrect: [root/123456] (from nas local port 28461 cli 210.15.112.41)
Tue Aug 17 18:52:40 2004 : Auth: Login incorrect: [root/password] (from nas local port 24772 cli 203.146.102.54)
Tue Aug 17 18:52:43 2004 : Auth: Login incorrect: [root/root] (from nas local port 24775 cli 203.146.102.54)
Tue Aug 17 18:52:46 2004 : Auth: Login incorrect: [root/123456] (from nas local port 24777 cli 203.146.102.54)
Sun Aug 22 19:50:27 2004 : Auth: Login incorrect: [root/password] (from nas local port 29782 cli 221.3.131.80)
Sun Aug 22 19:50:32 2004 : Auth: Login incorrect: [root/root] (from nas local port 29784 cli 221.3.131.80)
Sun Aug 22 19:50:36 2004 : Auth: Login incorrect: [root/123456] (from nas local port 29787 cli 221.3.131.80)

So we can see there are passwords of "root", "123456" and "password" used 
on each attempt. Definitely looks scripted.

Dave
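
Added example (not part of the original post): a Python script that checks the observation above, that every source replays the same password list, by grouping failed logins into per-client bursts and reporting credential sequences seen in more than one burst. The first six sample lines are copied, unwrapped, from the log excerpt above; the seventh line, the 60-second burst gap and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First six lines: copied (unwrapped) from the radius.log excerpt above.
# Last line: constructed, a single mistyped login from a documentation IP.
SAMPLE_LOG = """\
Mon Aug 16 20:02:07 2004 : Auth: Login incorrect: [root/password] (from nas local port 22319 cli 210.15.112.41)
Mon Aug 16 20:02:11 2004 : Auth: Login incorrect: [root/root] (from nas local port 22324 cli 210.15.112.41)
Mon Aug 16 20:02:15 2004 : Auth: Login incorrect: [root/123456] (from nas local port 22326 cli 210.15.112.41)
Tue Aug 17 18:52:40 2004 : Auth: Login incorrect: [root/password] (from nas local port 24772 cli 203.146.102.54)
Tue Aug 17 18:52:43 2004 : Auth: Login incorrect: [root/root] (from nas local port 24775 cli 203.146.102.54)
Tue Aug 17 18:52:46 2004 : Auth: Login incorrect: [root/123456] (from nas local port 24777 cli 203.146.102.54)
Tue Aug 17 09:14:02 2004 : Auth: Login incorrect: [alice/hunter2] (from nas local port 30001 cli 192.0.2.10)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: Login incorrect: "
    r"\[(?P<user>[^/\]]*)/(?P<pw>.*)\] \(from nas local port \d+ cli (?P<cli>[\d.]+)\)$"
)

def parse_failures(text):
    """Yield (timestamp, client_ip, user, password) for each failed login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["cli"], m["user"], m["pw"]

def bursts(failures, gap=timedelta(seconds=60)):
    """Split each client's failures into bursts separated by more than `gap`."""
    out, last = [], {}  # last: client_ip -> [time of latest failure, its burst]
    for ts, cli, user, pw in sorted(failures):
        if cli not in last or ts - last[cli][0] > gap:
            last[cli] = [ts, []]
            out.append((cli, last[cli][1]))
        last[cli][0] = ts
        last[cli][1].append((user, pw))
    return out

def scripted_wordlists(text, min_bursts=2):
    """Map each credential sequence replayed in >= min_bursts bursts to its sources."""
    seen = defaultdict(list)
    for cli, creds in bursts(parse_failures(text)):
        seen[tuple(creds)].append(cli)
    return {seq: sorted(set(ips)) for seq, ips in seen.items() if len(ips) >= min_bursts}

if __name__ == "__main__":
    for seq, ips in scripted_wordlists(SAMPLE_LOG).items():
        print(f"{len(seq)}-entry list {[p for _, p in seq]} replayed from {ips}")
```

On the sample, the root/password, root/root, root/123456 sequence is reported for both source addresses, while the single constructed failure is not flagged.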




