Eugene Smiley on 11 Aug 2005 23:44:37 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] SSH script kiddies and usernames using '#'


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I thought I'd read it here, but searching my archives I can't find
any proof of it...

I thought during our previous discussions of SSH script kiddies
someone had mentioned that they liked to create user IDs that start
with # because it's a comment character and COULDN'T POSSIBLY be used
in a script. My thought was that it was rediculous.

Maybe it wasn't here. I could have read it in my general searching of
the New World Library.

I just got a report from logcheck that I was looking through and I
happened to find this rather good proof that even if you try to
obfuscate your usernames using #, it probably won't help.


- -------- Original Message --------
Subject: cat /var/log/auth.log | grep sshd | grep '#'
Date: Thu, 11 Aug 2005 19:30:29 -0400 (EDT)

Aug 11 16:25:03 localhost sshd[28790]: Invalid user #dandae7 from
201.17.147.xx
Aug 11 16:25:06 localhost sshd[28793]: Invalid user #dandae7 from
201.17.147.xx
Aug 11 16:25:09 localhost sshd[28795]: Invalid user #root from
201.17.147.xx
Aug 11 16:27:04 localhost sshd[28916]: Invalid user #root from
201.17.147.xx




-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQvviCOkD7QKn7f0vEQKSLQCg5EUIBlsDn62Ig3R4Ul+hjU8lUiMAn04t
SwIU5PxCOs2RyMzMa5WsfCXa
=pj8b
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug