[nsp-sec] SSH bruter results
Jose Nazario
jose at arbor.net
Fri Apr 18 15:45:17 EDT 2008
On Fri, 18 Apr 2008, SURFcert - Peter wrote:
> How sure are you about this list? I see IP/account combinations with a
> number of different passwords. Are these tested and one worked? Or does
> these lists show a user has changed his password and it was cracked
> again?
i haven't tested any of these, no.
i suspect a few of them - the obvious ones - may be honeypots. hence the
huge list of u:p combos for some IPs. however a few IPs match the "legit"
look: one or two accounts with plausable passwords per IP, only a few IPs
per provider.
at least i HOPE the few IPs with a boatload of guessed u:p combos are
honeypots.
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
More information about the nsp-security
mailing list