|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[PLUG] SSH script kiddies and usernames using '#'
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I thought I'd read it here, but searching my archives I can't find
any proof of it...
I thought during our previous discussions of SSH script kiddies
someone had mentioned that they liked to create user IDs that start
with # because it's a comment character and COULDN'T POSSIBLY be used
in a script. My thought was that it was rediculous.
Maybe it wasn't here. I could have read it in my general searching of
the New World Library.
I just got a report from logcheck that I was looking through and I
happened to find this rather good proof that even if you try to
obfuscate your usernames using #, it probably won't help.
- -------- Original Message --------
Subject: cat /var/log/auth.log | grep sshd | grep '#'
Date: Thu, 11 Aug 2005 19:30:29 -0400 (EDT)
Aug 11 16:25:03 localhost sshd[28790]: Invalid user #dandae7 from
201.17.147.xx
Aug 11 16:25:06 localhost sshd[28793]: Invalid user #dandae7 from
201.17.147.xx
Aug 11 16:25:09 localhost sshd[28795]: Invalid user #root from
201.17.147.xx
Aug 11 16:27:04 localhost sshd[28916]: Invalid user #root from
201.17.147.xx
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQvviCOkD7QKn7f0vEQKSLQCg5EUIBlsDn62Ig3R4Ul+hjU8lUiMAn04t
SwIU5PxCOs2RyMzMa5WsfCXa
=pj8b
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|