SUMMARY: ssh attacks

From: Dr. Hans Ekkehard Plesser (hans.ekkehard.plesser_at_nlh.no)
Date: 09/09/04

Next message: Martin Simmen: "XP1000 no graphics"

Previous message: Mark Schubert: "How many processes can I have?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 09 Sep 2004 10:50:12 +0200
To: tru64-unix-managers@ornl.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please excuse my belated summary. I had experienced ssh-login attacks on a
Tru64 machine I am managing. Thanks to Jean-Pierre Denis for pointing out
the attacker, brutessh2. You can find the source code here:

http://www.k-otik.com/exploits/08202004.brutessh2.c.php

After 100 unsuccessful ssh-login attempts as root, the C2 intrusion detection
system locked the root account.

At present, I need to allow ssh login to the machine, but I have disabled ssh
login from root to improve security somewhat.

Hans

- --
Dr. Hans Ekkehard Plesser
Associate Professor

Department of Mathematical Sciences and Technology
Agricultural University of Norway

Phone +47 6494 8832
Fax +47 6494 8810
Home http://arken.nlh.no/~imfhep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBQBlEbuXhp9E3LTsRAjA9AJ0e0r1RaIMQ1DqSPto+IeEy8XZMmACgqvOb
FOUSv0XBdcY+4jZ6wydUcUE=
=8Ksn
-----END PGP SIGNATURE-----

Next message: Martin Simmen: "XP1000 no graphics"

Previous message: Mark Schubert: "How many processes can I have?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]