[nsp-sec] Strange usernames in SSH scan ?
Peter Moody
pmoody at google.com
Mon Sep 19 14:03:07 EDT 2011
On Mon, Sep 19, 2011 at 10:58 AM, Jose Nazario <jose at arbor.net> wrote:
> ----------- nsp-security Confidential --------
>
> someone confuse their password file and username file?
If that first one is their password, you should find out who it is and bake
them a cake.
> On Mon, 19 Sep 2011, Kurt Jaeger wrote:
>
> ----------- nsp-security Confidential --------
>>
>> Hi!
>>
>> Recently, we found strange usernames in SSH scans.
>>
>> sshd[23410]: Invalid user @n!md at mP#$@౅$&#@!#mTadm!**n$@ from
>> 60.191.41.97
>> sshd[23420]: Invalid user HOla%201%2B2%3D3%20Espa%00a%**20%00 from
>> 60.191.41.97
>>
>> Is there a reason for those usernames (syslog exploits ?) ?
>>
>>
>>
> --
> ------------------------------**------------------------------**-
> jose nazario, ph.d. <jose at arbor.net>
> manager of security research arbor networks
> v: (734) 821 1427 http://asert.arbor.net/
>
>
>
> ______________________________**_________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/**mailman/listinfo/nsp-security<https://puck.nether.net/mailman/listinfo/nsp-security>
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> ______________________________**_________________
>
--
Peter Moody Google 1.650.253.7306
Security Engineer pgp:0xC3410038
More information about the nsp-security
mailing list