rootkit?
Alan Cox
alan at redhat.com
Mon Dec 12 21:19:00 UTC 2005
On Mon, Dec 12, 2005 at 02:57:28PM -0500, Chasecreek Systemhouse wrote:
> About three months ago I reported a box I admin'ed was accessed thru
> DDoS on the ssh access port -- the sshd was hit 90,000 times a hour
Standard dictionary attack set I imagine. Some of the worms are also much
smarter and use any unpassworded ssh private keys they can steal to build
a huge key based attack database
> attack, access, and discovery all happened in less than a 5 hour
> period. The attacker either was a novice or didn't care to cover
> their tracks.
or a robot
> I would say there is a ssh brute force hack floating around that has
> not been documented yet; as such it is all Server admins best
> interests to remain vigilant.
What kernel was that box running ?
More information about the test
mailing list