|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: SSH probes?
From: iglope (iglope
ifrance.com)
Date: Wed May 12 2004 - 03:03:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Devdas
>I got about 61 of these in my logs before I turned sshd off. This looks
>like a brute force attempt at getting a login.
>
>May 9 21:35:03 evita sshd(pam_unix)[16332]: authentication failure;
>logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20 user=ftp
>
>
one time we have : authentication failure;
>May 9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown
>
>
Another we have : check pass; user unknown
isn't a way to discover a valid user for next brute force session ?
may be u have to tune your ssh to send the same msg for valid and
invalid user ?
_____________________________________________________________________
Envie de discuter en "live" avec vos amis ? Télécharger MSN Messenger
http://www.ifrance.com/_reloc/m la 1ère messagerie instantanée de France
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]