Gentoo Archives: gentoo-security

From: Andrew Gaffney <agaffney@×××××××××××.com>
To: Rui Pedro Figueira Covelo <rpfc@××××××××××××.pt>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [Fwd: [Full-Disclosure] Re: Automated SSH login attempts?]
Date: Thu, 29 Jul 2004 21:01:13
Message-Id: 41096524.2000903@skylineaero.com
In Reply to: Re: [gentoo-security] [Fwd: [Full-Disclosure] Re: Automated SSH login attempts?] by Rui Pedro Figueira Covelo
Rui Pedro Figueira Covelo wrote:
> I noticed that the .bash_history is from the root account. Not guest
> or test. If this .bash_history is real, the fact that someone got root
> proves that someone used an exploit rather than guessing a weak password
> of a guest or test account, right?

You do have a very good point. There is probably more to these SSH probes that
everyone is seeing than first thought. I've checked out a number of boxes that
have been probing my Gentoo server, and they are all Linux boxes running a 2.4
kernel. I don't know if it is automated or someone actually running these
probes. The last box that I got probed by was running RedHat, Apache 1.3.27, and
mod_php 4.1.2, so it was fairly recent. It must be one of those SSH exploits (or
was it SSL?) from a few months ago.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548


--
gentoo-security@g.o mailing list