[ale] SSH attempts

Scott Castaline skotchman at gmail.com
Mon Sep 12 15:06:12 EDT 2011


On 09/12/2011 01:29 PM, Rich Faulkner wrote:
> +1 on Michael...
>
> I like your take on the "honey pot".  Kewl idea too!  And yes, people 
> are dumb enough to use those passwords.  I've "fixed" more than one 
> network that got hacked-up back in my days as a road warrior dealing 
> with companies that wanted to use "password" or nothing at all as 
> their password for everything.  And they wonder why they got 
> hacked-up?  Yes, there are people who use these LAME passwords...
>
> RinL
>
Add state of Georgia to that Stupid Password Ticks I mean List. I had 
brought it to their attention and they are still using the same password 
(password) for their laptops for at least one dept.
> On Mon, 2011-09-12 at 11:27 -0400, Michael H. Warfield wrote:
>> On Mon, 2011-09-12 at 11:05 -0400, David Hillman wrote:
>> >  According to the PortSentry logs for my server, I have received thousands of
>> >  connection attempts via SSH port 22.  Of course, that is not the port the
>> >  real SSH service is listening on. Logins were also disabled for root.
>> >
>> >  What's interesting is the IP addresses all belong to Serverloft (
>> >  www.serverloft.eu  <http://www.serverloft.eu>); most attempts came from 188.138.32.16 (
>> >  loft4385.serverloft.eu).  I am guessing someone with a few VPS boxes has
>> >  nothing better to do than use up network bandwidth to terrorize the rest of
>> >  us.  Or, maybe those boxes have been compromised.
>>
>> >  I have e-mailed the folks over over at Serverloft, but I don't expect
>> >  anything of it.  Is there anything else I can do?
>>
>> It's just noise.  They're not getting in so you can ignore them.
>> Happens all the time around here.  If you want some amusement, set up an
>> ssh honeypot and catch all their password attempts.  You'll be left
>> shaking your head in total disbelief.  "Do they really think THOSE
>> things will actually work?!?!?"  Yeah, not only do they believe they
>> work, there actually are people stupid enough to use stupid passwords
>> who actually have ssh shell access that it makes it worth it for them to
>> do this.  Sigh...  Some of the passwords might surprise you but they're
>> all still LAME.
>>
>> Regards
>> Mike
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org  <mailto:Ale at ale.org>
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list