Date: Fri, 13 Aug 2004 18:35:06 +0100 From: "Craig Edwards" <brain@winbot.co.uk> To: "Sandor Berta" <berta@beco.hu>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: sequences in the auth.log Message-ID: <E1Bvfzw-000EPH-KA@brainbox.winbot.co.uk>
next in thread | raw e-mail | index | archive | help
ive been getting this too on both my freebsd boxes, it seems to be an epidemic. i guess its some form of ssh scanner looking for open accounts with no passwords (or easily guessable passwords)? Thanks, Craig >Hi all, >I found similar sequences in the <snip> >165.21.103.20 port 39836 ssh2 >Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20 >Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57 >Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57 > >What are these? >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Bvfzw-000EPH-KA>