On Sat, 18 Sep 2004 14:18:32 +0200 Willem Jan Withagen <[email protected]> wrote: | Hi, | | Is there a security problem with ssh that I've missed??? | Ik keep getting these hords of: | Failed password for root from 69.242.5.195 port 39239 ssh2 | with all kinds of different source addresses. FYI, the past month there were a couple of (quite long) threads on this thing on bugtraq and incidents @securityfocus. It seems to be some worm that scans for weak passwords, someone on incidents published a webpage on this stuff here: http://www.jaenicke.org/sk/ with the binaries used and an irc log chatting with one of the kiddies. The sources seems to mainly be cracked boxes with, aemh... blank root passwords. (everytime I read the previous 3 words together I shudder, apologies if they have the same effect on you :) | they're back and keep clogging my logs. | Is there a "easy" way of getting these ip-numbers added to the | blocking-list of ipfw?? I've just moved the public port of the sshd on another port, quite lame but at least I'm not bothered by worms :) HTH Frankye -- Frankye Fattarelli |U| |P| |S|F| [email protected] |R| |S| |Y|I| this email is RFC 3514 compliant |G| |H| |N|N| _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"