[ale] SSH attempts

Rich Faulkner rfaulkner at 34thprs.org
Mon Sep 12 13:29:32 EDT 2011


+1 on Michael...

I like your take on the "honey pot".  Kewl idea too!  And yes, people
are dumb enough to use those passwords.  I've "fixed" more than one
network that got hacked-up back in my days as a road warrior dealing
with companies that wanted to use "password" or nothing at all as their
password for everything.  And they wonder why they got hacked-up?  Yes,
there are people who use these LAME passwords...

RinL

On Mon, 2011-09-12 at 11:27 -0400, Michael H. Warfield wrote:

> On Mon, 2011-09-12 at 11:05 -0400, David Hillman wrote: 
> > According to the PortSentry logs for my server, I have received thousands of
> > connection attempts via SSH port 22.  Of course, that is not the port the
> > real SSH service is listening on. Logins were also disabled for root.
> > 
> > What's interesting is the IP addresses all belong to Serverloft (
> > www.serverloft.eu); most attempts came from 188.138.32.16 (
> > loft4385.serverloft.eu).  I am guessing someone with a few VPS boxes has
> > nothing better to do than use up network bandwidth to terrorize the rest of
> > us.  Or, maybe those boxes have been compromised.
> 
> > I have e-mailed the folks over over at Serverloft, but I don't expect
> > anything of it.  Is there anything else I can do?
> 
> It's just noise.  They're not getting in so you can ignore them.
> Happens all the time around here.  If you want some amusement, set up an
> ssh honeypot and catch all their password attempts.  You'll be left
> shaking your head in total disbelief.  "Do they really think THOSE
> things will actually work?!?!?"  Yeah, not only do they believe they
> work, there actually are people stupid enough to use stupid passwords
> who actually have ssh shell access that it makes it worth it for them to
> do this.  Sigh...  Some of the passwords might surprise you but they're
> all still LAME.
> 
> Regards
> Mike
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110912/d10de53a/attachment.html 


More information about the Ale mailing list