H
hopfe
Haudegen
Hallo hat jemand von euch ähnliche Beobachtungen gemacht?
Habe folgende Infos von der Gentoo-security-Mailinglist.
Mir ist bisher noch nichts aufgefallen, werde am We aber mal meine Logs überprüfen.
Habe folgende Infos von der Gentoo-security-Mailinglist.
Mir ist bisher noch nichts aufgefallen, werde am We aber mal meine Logs überprüfen.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Over the past few days I've noticed many attempts from different sources
trying to login on ssh via guest/test/admin/etc accounts. Looking
further into the matter I found SANS is looking for information too.
http://www.incidents.org/diary.php?date=2004-07-23
http://www.incidents.org/diary.php?date=2004-07-25
and more information here:
http://www.dslreports.com/forum/remark,10854834~mode=flat~days=9999
It appears as the net is getting hit with these all over. I would guess
this is a very early stage of some kind of new worm/exploit in the
works. What is more, it appears to have the ability to pass some NAT
boxes by tricking them into replying back to the source.
If you're not already doing so, I recommend to disable password
interactive login and enforce key only logins. This will prevent some
of the ssh exploits, brute-force attacks, and general script kiddies.
And as always, upgrade to the latest version of OpenSSH/OpenSSL.
- --
Greg Watson
http://www.linuxlogin.com
GnuPG Key: http://www.linuxlogin.com/gpg_key.pub
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBBoMk0stmTYtmfxsRAgEtAJ4xX4NUhVY1TrQ2sLVw2VOH3/02KACgiOak
7fJRiR57F4RbRZQflDbIVqs=
=r4zY
-----END PGP SIGNATURE-----