Attacks on ssh port

Frankye - ML listsucker at
Sat Sep 18 07:14:37 PDT 2004

On Sat, 18 Sep 2004 14:18:32 +0200
Willem Jan Withagen <wjw at> wrote:

| Hi,
| Is there a security problem with ssh that I've missed???
| Ik keep getting these hords of:   
|     Failed password for root from port 39239 ssh2
| with all kinds of different source addresses.

FYI, the past month there were a couple of (quite long) threads on this
thing on bugtraq and incidents @securityfocus.
It seems to be some worm that scans for weak passwords, someone on
incidents published a webpage on this stuff here: with the binaries used and an irc log chatting
with one of the kiddies.
The sources seems to mainly be cracked boxes with, aemh... blank root
(everytime I read the previous 3 words together I shudder, apologies if
they have the same effect on you :)

| they're back and keep clogging my logs.
| Is there a "easy" way of getting these ip-numbers added to the 
| blocking-list of ipfw??

I've just moved the public port of the sshd on another port, quite lame
but at least I'm not bothered by worms :)



Frankye Fattarelli               |U| |P| |S|F|
frankye.DIESPAMMERSDIE at  |R| |S| |Y|I|
this email is RFC 3514 compliant |G| |H| |N|N|

More information about the freebsd-security mailing list