[nsp-sec] Strange usernames in SSH scan ?
Jose Nazario
jose at arbor.net
Mon Sep 19 13:58:06 EDT 2011
someone confuse their password file and username file?
On Mon, 19 Sep 2011, Kurt Jaeger wrote:
> ----------- nsp-security Confidential --------
>
> Hi!
>
> Recently, we found strange usernames in SSH scans.
>
> sshd[23410]: Invalid user @n!md at mP#$@౅$&#@!#mTadm!n$@ from 60.191.41.97
> sshd[23420]: Invalid user HOla%201%2B2%3D3%20Espa%00a%20%00 from 60.191.41.97
>
> Is there a reason for those usernames (syslog exploits ?) ?
>
>
--
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
manager of security research arbor networks
v: (734) 821 1427 http://asert.arbor.net/
More information about the nsp-security
mailing list