Re: ssh: Repeated breakin attempts - Security


  1. Re: ssh: Repeated breakin attempts

    On 2 May 2005 02:32:50 -0700, robert.spam.me.senseless@gmail.com
    wrote:

    >What concerns me is that the attackers seem to be able to retrieve the
    >names of users on my system. How do they do that, and how can I prevent it?


    I have the EXACT same situation which has just cropped up in the last
    couple of weeks. The usual script kiddie SSH attacks use lists of
    common account names, but this "new" (to me, at any rate) attack is
    being used against user names that are valid on my system (and which
    are NOT common first names or account names).

    Is there some new exploit that allows them to retrieve a list of valid
    usernames?


  2. Re: ssh: Repeated breakin attempts

    Scott en Aztlán wrote in
    news:j69qo192ohf8tnpe9bfqmnjs89acfnm1o1@4ax.com:

    > couple of weeks. The usual script kiddie SSH attacks use lists of
    > common account names, but this "new" (to me, at any rate) attack is
    > being used against user names that are valid on my system (and which
    > are NOT common first names or account names).


    I have some scant evidence that one or more scripts pull usernames from
    spam lists. Were all of the accounts they tried also pop mail accounts?


  3. Re: ssh: Repeated breakin attempts

    On Wed, 30 Nov 2005 04:42:02 GMT, "Mr. Ellaneous"
    wrote:

    >I have some scant evidence that one or more scripts pull usernames from
    >spam lists. Were all of the accounts they tried also pop mail accounts?


    Well, yes, there is a POP3 server running on the machine, but the
    account that the script kiddie tried is never used to send mail and
    never receives mail from the outside world. The only reason I'm even
    running QPopper is so that I can easily retrieve locally-generated
    security reports from LogWatch.

    In case it matters, the account that was tried is also an account that
    is aliased to root in the mail aliases file.
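
The check this thread calls for, as an added example that is not from any of the posters: a Python script that separates failed password attempts against names sshd treated as existing accounts from guesses at unknown names, and records the source addresses and whether each name appears in a mail aliases file. The sample log and aliases text, the user name zquill and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: host, user names and addresses are made up.
SAMPLE_LOG = """\
Nov 29 03:11:02 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 4101 ssh2
Nov 29 03:11:05 host sshd[813]: Failed password for illegal user test from 192.0.2.10 port 4102 ssh2
Nov 29 03:11:09 host sshd[815]: Failed password for zquill from 192.0.2.10 port 4103 ssh2
Nov 29 03:11:12 host sshd[817]: Failed password for zquill from 198.51.100.7 port 5220 ssh2
Nov 29 03:12:40 host sshd[820]: Failed password for root from 192.0.2.10 port 4104 ssh2
Nov 29 03:15:00 host sshd[825]: Accepted password for zquill from 203.0.113.5 port 6000 ssh2
"""
SAMPLE_ALIASES = """\
postmaster: root
zquill: root
"""

# sshd adds "invalid user" (older releases: "illegal user") when the name does not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user |illegal user )?(\S+) from (\S+)")


def alias_names(aliases_text):
    """Every name on either side of a 'name: target, ...' alias line."""
    names = set()
    for line in aliases_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        if ":" in line:
            left, right = line.split(":", 1)
            names.add(left.strip())
            names.update(t.strip() for t in right.split(",") if t.strip())
    return names


def valid_account_failures(log_text, aliases_text="", ignore=("root",)):
    """Failed logins against names sshd treated as real accounts, keyed by user."""
    aliased = alias_names(aliases_text)
    report = defaultdict(lambda: {"attempts": 0, "sources": set(), "in_aliases": False})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or m.group(1) or m.group(2) in ignore:
            continue  # not a failure, unknown name, or a name every scanner guesses
        entry = report[m.group(2)]
        entry["attempts"] += 1
        entry["sources"].add(m.group(3))
        entry["in_aliases"] = m.group(2) in aliased
    return dict(report)


if __name__ == "__main__":
    for user, info in valid_account_failures(SAMPLE_LOG, SAMPLE_ALIASES).items():
        print(user, info["attempts"], sorted(info["sources"]), info["in_aliases"])
```
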

