From: Gregory Kuhn
Date: Fri, 13 Aug 2004 13:19:12 -0600
To: freebsd-security@freebsd.org
Subject: Re: sequences in the auth.log

At 11:35 AM 8/13/2004, Craig Edwards wrote:
>I've been getting this too on both my FreeBSD boxes, it seems to be an
>epidemic. I guess it's some form of ssh scanner looking for open accounts
>with no passwords (or easily guessable passwords)?

Just one more reason to mandate strict passwords for any accounts that have interactive shell access.
It is also why we don't allow shell accounts to our users, with the exception of a very small few (approximately 5 out of 200), and those users are required to maintain very strict passwords containing uppercase, lowercase, numeric and special characters in their passwords, and they must be changed every 30 days, and they are not allowed to reuse passwords...EVER!

My personal experience with end-users (at least most of them) is that, given the opportunity, the end-user will opt for the easy-to-remember (a.k.a. easy-to-guess) password. We have all heard the jokes about the password being "password"; it's no joke...neither are first names, last names and so on...four-letter passwords are a favorite of the average end-user too.

lusers...you can't live with them, you can't live without them, you can only try to educate them.

Greg

> >165.21.103.20 port 39836 ssh2
> >Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20
> >Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57
> >Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57
> >
> >What are these?
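
The "Illegal user" lines quoted above can be tallied per source address to tell a one-off probe from a scanner cycling through account names. The sketch below is an added example, not part of the original message; the function names, the two-name threshold and the last sample line are assumptions made here.

```python
import re
from collections import defaultdict

# sshd line for a login attempt against a nonexistent account.
# "Illegal user" is the wording in the quoted log; newer OpenSSH
# releases log "Invalid user" instead, so both are accepted.
PROBE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?P<src>\S+)"
)

def summarize(lines):
    """Group unknown-account probes by source address."""
    by_src = defaultdict(lambda: {"users": [], "first": None, "last": None})
    for line in lines:
        m = PROBE.match(line)
        if not m:
            continue  # not a probe line (e.g. a successful login)
        entry = by_src[m["src"]]
        entry["users"].append(m["user"])
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(by_src)

def scanners(summary, min_users=2):
    """Sources that tried at least min_users distinct nonexistent accounts."""
    return sorted(
        src for src, e in summary.items() if len(set(e["users"])) >= min_users
    )

SAMPLE = [
    # The three complete lines quoted in the thread.
    "Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20",
    "Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57",
    "Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57",
    # Constructed line (documentation address) that must be ignored.
    "Aug 13 14:30:02 www sshd[26501]: Accepted password for alice "
    "from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for src, e in summary.items():
        print(src, sorted(set(e["users"])), e["first"], "->", e["last"])
    print("multi-account probes:", scanners(summary))
```

On a live host, feed it the lines of /var/log/auth.log in place of SAMPLE.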