On Wed, 2004-08-04 at 11:03, Mike Markiw III wrote:
> Thanks for the info on where to look. I hadn't looked at these logs before, but I'm getting scanned quite a bit as well.
> The user accounts they try to log in as are:
> test
> guest
> admin
> root
>
> I would definitely suggest updating any/all passwords on your systems if they are dictionary based.
>
> The scans started about ten days ago for my system. Obviously, the script-kiddies found a new toy. We can probably expect more of this junk in the future.
>
> -Mike

Found reference to this scanning on another site. Does appear to be a new brute force ssh script. The list of accounts it tries seems to indicate someone that is more used to Windows type boxes than Unix boxes. Sources available at frauder.us apparently. Fairly good analysis of it at http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1281.html

So change your passwords, disable all services, and hunker down. This one is going to be here for a while.

--
Scot L. Harris <webid@xxxxxxxxxx>
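
An added example, not part of the original messages: a small Python check for the log review discussed in this thread, flagging source addresses whose failed sshd password logins cover several of the account names listed above (test, guest, admin, root). The syslog line layout, the sample lines and the `min_accounts` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Account names reported in the thread as the ones the scanner tries.
SCANNER_ACCOUNTS = {"test", "guest", "admin", "root"}

# OpenSSH password-failure line. Older releases log "illegal user",
# newer ones "invalid user"; existing accounts have neither prefix.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)

def summarize(lines):
    """Return {source_ip: {account: failed_attempts}} for sshd password failures."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAILED.search(line)
        if m:
            hits[m.group("ip")][m.group("user")] += 1
    return {ip: dict(users) for ip, users in hits.items()}

def likely_scanners(lines, min_accounts=3):
    """Source IPs that failed on at least min_accounts of the listed names.

    min_accounts is an assumed threshold, not a value from the thread.
    """
    return sorted(
        ip for ip, users in summarize(lines).items()
        if len(SCANNER_ACCOUNTS.intersection(users)) >= min_accounts
    )

# Constructed sample log lines (documentation address ranges), not real data.
SAMPLE = """\
Aug  4 03:12:01 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug  4 03:12:03 host sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40120 ssh2
Aug  4 03:12:05 host sshd[2105]: Failed password for illegal user admin from 192.0.2.10 port 40131 ssh2
Aug  4 03:12:08 host sshd[2107]: Failed password for root from 192.0.2.10 port 40140 ssh2
Aug  4 03:12:09 host sshd[2109]: Failed password for root from 192.0.2.10 port 40144 ssh2
Aug  4 09:30:44 host sshd[3300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Aug  4 09:30:51 host sshd[3300]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip in likely_scanners(SAMPLE):
        print(ip, summarize(SAMPLE)[ip])
```

A single mistyped password from a legitimate user (the `alice` lines) stays below the threshold, while the address that walks the listed account names is reported.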