On Wed, 2004-08-04 at 11:03, Mike Markiw III wrote:
Thanks for the info on where to look. I hadn't looked at these
logs before, but I'm getting scanned quite a bit as well.
The user accounts they try to log in as are:
test
guest
admin
root
I would definitely suggest updating any/all passwords on your systems if they are
dictionary based.
The scans start about ten days ago for my system. Obviously, the script-kiddies found a
new toy. We can probably expect more of this junk in the future.
-Mike
Found reference to this scanning on another site. Does appear to be a
new brute force ssh script. The list of accounts it tries seems to
indicate someone that is more use to windows type boxes that unix boxes.
Sources available at frauder.us apparently.
Fairly good analysis of it at
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1281.html
So change your passwords, disable all services, and hunker down. This
one is going to be here for awhile.
--
Scot L. Harris <webid(a)cfl.rr.com>