Date: Fri, 13 Aug 2004 13:19:12 -0600 From: Gregory Kuhn <gkuhn@ctch.net> To: freebsd-security@freebsd.org Subject: Re: sequences in the auth.log Message-ID: <6.1.2.0.2.20040813130613.02875fd0@mail.ctch.net> In-Reply-To: <E1Bvfzw-000EPH-KA@brainbox.winbot.co.uk> References: <E1Bvfzw-000EPH-KA@brainbox.winbot.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
At 11:35 AM 8/13/2004, Craig Edwards wrote: >ive been getting this too on both my freebsd boxes, it seems to be an >epidemic. i guess its some form of ssh scanner looking for open accounts >with no passwords (or easily guessable passwords)? Just one more reason to mandate strict passwords for any accounts that have interactive shell access. It is also why we don't allow shell accounts to our users, with exception of a very small few (approximately 5 out of 200) and those users are required to maintain very strict passwords containing uppercase, lowercase, numeric and special characters in their passwords and they must be changed every 30 days and they are not allowed to reuse passwords...EVER! My personal experience with end-users (at least most of them) is given the opportunity, the end-user will opt for the easy to remember (a.k.a. easy to guess) password. We have all heard the jokes about the password being "password", its no joke...neither is first names, last names and so on...four letter passwords are a favorite of the average end-user too. lusers...you can't live with them, you can't live without them, you can only try to educate them. Greg <snip> > >165.21.103.20 port 39836 ssh2 > >Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20 > >Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57 > >Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57 > > > >What are these? > > > > >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.1.2.0.2.20040813130613.02875fd0>