sequences in the auth.log
Gregory Kuhn
gkuhn at ctch.net
Fri Aug 13 12:19:16 PDT 2004
At 11:35 AM 8/13/2004, Craig Edwards wrote:
>ive been getting this too on both my freebsd boxes, it seems to be an
>epidemic. i guess its some form of ssh scanner looking for open accounts
>with no passwords (or easily guessable passwords)?
Just one more reason to mandate strict passwords for any accounts that have
interactive shell access. It is also why we don't allow shell accounts to
our users, with exception of a very small few (approximately 5 out of 200)
and those users are required to maintain very strict passwords containing
uppercase, lowercase, numeric and special characters in their passwords and
they must be changed every 30 days and they are not allowed to reuse
passwords...EVER!
My personal experience with end-users (at least most of them) is given the
opportunity, the end-user will opt for the easy to remember (a.k.a. easy to
guess) password. We have all heard the jokes about the password being
"password", its no joke...neither is first names, last names and so
on...four letter passwords are a favorite of the average end-user
too. lusers...you can't live with them, you can't live without them, you
can only try to educate them.
Greg
<snip>
> >165.21.103.20 port 39836 ssh2
> >Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20
> >Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57
> >Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57
> >
> >What are these?
> >
>
>
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list