tech-security: Re: sshd password guessing attacks on the rise

Subject: Re: sshd password guessing attacks on the rise
To: None <tech-security@netbsd.org>
From: Wolfgang S. Rupprecht <wolfgang+gnus20041011T150819@dailyplanet.dontspam.wsrcc.com>
List: tech-security
Date: 10/11/2004 15:10:49

woods@weird.com (Greg A. Woods) writes:
> Does anyone have a copy of the dictionary used by the SSH attacker(s)?
> 
> I would sure like to add it to the list of dictionaries I use with the
> changes I posted in PR#10206!  ;-)

[ a shortened version of the msg I sent to greg. -wsr ]

Google found this.  It might or might not be what I'm seeing, but it
couldn't hurt to grab the dictionary out of it.

   http://www.cnhonker.com/index.php?module=exploits&act=view&type=6&id=632

The file references brutessh and brutessh2 with a "wget.home.ro"
address, but the server this page is located on is in communist china.
My bigger ssh attacks did come from there, so this might be one of the
programs that I was seeing.

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/