Date:      Sat, 18 Sep 2004 16:14:31 +0200
From:      Frankye - ML <listsucker@ipv5.net>
To:        freebsd-security@freebsd.org
Subject:   Re: Attacks on ssh port
Message-ID:  <20040918161431.53a63dd3@godzilla>
In-Reply-To: <414C2798.7060509@withagen.nl>
References:  <414C2798.7060509@withagen.nl>


On Sat, 18 Sep 2004 14:18:32 +0200
Willem Jan Withagen <wjw@withagen.nl> wrote:

| Hi,
| 
| Is there a security problem with ssh that I've missed???
| I keep getting these hordes of:
|     Failed password for root from 69.242.5.195 port 39239 ssh2
| with all kinds of different source addresses.

FYI, the past month there were a couple of (quite long) threads on this
thing on bugtraq and incidents @securityfocus.
It seems to be some worm that scans for weak passwords, someone on
incidents published a webpage on this stuff here:
http://www.jaenicke.org/sk/ with the binaries used and an irc log chatting
with one of the kiddies.
The sources seem to mainly be cracked boxes with, aemh... blank root
passwords.
(every time I read the previous 3 words together I shudder, apologies if
they have the same effect on you :)

| they're back and keep clogging my logs.
| Is there an "easy" way of getting these ip-numbers added to the
| blocking-list of ipfw??

I've just moved the public port of the sshd to another port, quite lame
but at least I'm not bothered by worms :)

HTH

Frankye

-- 
Frankye Fattarelli               |U| |P| |S|F|
frankye.DIESPAMMERSDIE@ipv5.net  |R| |S| |Y|I|
this email is RFC 3514 compliant |G| |H| |N|N|
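
An added example, not part of the original thread or written by either poster: one way to turn the "Failed password" log lines quoted above into ipfw table entries. The table number, the threshold, the function names and the sample log lines are assumptions constructed for illustration, and the sketch assumes a deny rule matching that table already exists.

```shell
#!/bin/sh
# Added example: read sshd log lines on stdin, print one
# "ipfw table N add IP" command per source address that reached
# THRESHOLD failed password attempts. Nothing is executed, only printed.
TABLE=${TABLE:-1}          # assumed ipfw table number
THRESHOLD=${THRESHOLD:-3}  # assumed minimum number of failures

failed_ssh_to_ipfw() {
    awk -v table="$TABLE" -v min="$THRESHOLD" '
    /sshd\[[0-9]+\]: Failed password for / {
        # Parse from the end of the line: the user name is supplied by the
        # client and may contain spaces or the word "from"; the trailing
        # "from IP port N ssh2" is written by sshd itself.
        if (NF < 6 || $(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        # Dotted-quad IPv4 only, so nothing else can reach the command line.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        hits[ip]++
    }
    END {
        for (ip in hits)
            if (hits[ip] >= min)
                printf "ipfw table %s add %s\n", table, ip
    }' | sort
}

# Constructed sample log (documentation address ranges). The fifth line has
# a user name containing "from 203.0.113.9"; a parser that takes the first
# "from" would block the wrong address.
sample_log() {
    cat <<'EOF'
Sep 18 14:01:02 host sshd[411]: Failed password for root from 192.0.2.10 port 39239 ssh2
Sep 18 14:01:05 host sshd[412]: Failed password for root from 192.0.2.10 port 39240 ssh2
Sep 18 14:01:09 host sshd[413]: Failed password for illegal user test from 192.0.2.10 port 39241 ssh2
Sep 18 14:02:00 host sshd[420]: Failed password for root from 198.51.100.7 port 1055 ssh2
Sep 18 14:03:00 host sshd[430]: Failed password for illegal user admin from 203.0.113.9 from 198.51.100.7 port 1056 ssh2
Sep 18 14:04:00 host sshd[431]: Accepted password for wjw from 198.51.100.7 port 1057 ssh2
EOF
}

sample_log | failed_ssh_to_ipfw
```

Review the printed commands before running them: anyone who can reach the sshd port can generate failures, so a low threshold can lock out a legitimate address that mistyped a password.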


