2009/1/18 Florian Mickler :
>> > people
>> > often confuse which password they have to enter where, and thus
>> > valid passwords would wander into the logs for malicious people to
>> > collect and use at other sites.
>>
>> auth.log is only readable to sysadmins.
>>
> oh what a wonderful world
>
>
On Sat, 17 Jan 2009 11:44:38 +
Tzafrir Cohen wrote:
> > people
> > often confuse which password they have to enter where, and thus
> > valid passwords would wander into the logs for malicious people to
> > collect and use at other sites.
>
> auth.log is only readable to sysadmins.
>
oh wha
On Fri, Jan 16, 2009 at 02:25:35PM +0100, Florian Mickler wrote:
> On Thu, 15 Jan 2009 20:10:44 +0200
> "Dotan Cohen" wrote:
>
> > I get a few thousands of these every day in the logs:
> > Illegal users from:
> > 70.85.222.106 (sales.gbdweb.com): 518 times
> >anna/password: 1 time
> >
On Fri, Jan 16, 2009 at 06:03:52PM +0200, Dotan Cohen wrote:
> 2009/1/16 Jeff Soules :
> >> While in general I agree, in this case you could say that I am sitting
> >> here as a honeypot. No legitimate users will try connecting via SSH on
> >> port 22, and certainly not over the big bad internet. T
On Fri, Jan 16, 2009 at 15:22, Sjoerd Hardeman
wrote:
> But, wouldn't it be wise to run a honeypot on port 22, and a real ssh on a
> completely different port? Of course a good user/password choice isn't easily
> brute-forced, but not running a real ssh as a honeypot seems far more secure
> to
2009/1/16 Osamu Aoki :
> When writing back, "ﻩ" is followed by <200d> in vim.
>
That is "m", no? Actually, it looks like I don't have that there.
Can you send to me your vim configuration? I have a lot of trouble
with RTL in VIM. Thanks.
--
Dotan Cohen
http://what-is-what.com
http://gibberish.
On Fri, Jan 16, 2009 at 08:20:57PM +0200, Dotan Cohen wrote:
> 2009/1/16 Osamu Aoki :
> > If you still want password login to ssh, look into knockd package.
> >
>
> Thanks, I will google that.
>
> >> ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي
> >
> > Hmmm... I am missing 200d
> >
>
On Fri, Jan 16, 2009 at 07:16:41PM +0200, Dotan Cohen wrote:
> 2009/1/16 Sjoerd Hardeman :
> > I would try either honeyd or tinyhoneypot for that. You don't need a full
> > blown ssh daemon for this.
> >
>
> Thank you Sjoerd. I do, however, need sshd for the legitimate user who
> logs into this sy
2009/1/16 Osamu Aoki :
> If you still want password login to ssh, look into knockd package.
>
Thanks, I will google that.
>> ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي
>
> Hmmm... I am missing 200d
>
Did I miss a letter? Can you provide me with a complete alphabet? I
use these lett
Dotan Cohen wrote:
2009/1/16 Sjoerd Hardeman :
I would try either honeyd or tinyhoneypot for that. You don't need a full
blown ssh daemon for this.
Thank you Sjoerd. I do, however, need sshd for the legitimate user who
logs into this system. I googled a bit of honeyd but do not see if it
will
2009/1/16 Sjoerd Hardeman :
> I would try either honeyd or tinyhoneypot for that. You don't need a full
> blown ssh daemon for this.
>
Thank you Sjoerd. I do, however, need sshd for the legitimate user who
logs into this system. I googled a bit of honeyd but do not see if it
will interfere with th
Dotan Cohen wrote:
2009/1/16 Gavin Elliot Jones :
On Thu, Jan 15, 2009 at 08:10:44PM +0200, Dotan Cohen wrote:
How can I start logging the passwords attempted as well as the
usernames? Thanks.
I don't think the standard SSH daemon can log passwords. After all it
would be a security risk if pas
2009/1/16 Gavin Elliot Jones :
> On Thu, Jan 15, 2009 at 08:10:44PM +0200, Dotan Cohen wrote:
>> How can I start logging the passwords attempted as well as the
>> usernames? Thanks.
>
> I don't think the standard SSH daemon can log passwords. After all it
> would be a security risk if passwords sta
2009/1/16 Jeff Soules :
>> While in general I agree, in this case you could say that I am sitting
>> here as a honeypot. No legitimate users will try connecting via SSH on
>> port 22, and certainly not over the big bad internet. The only reason
>> that I have sshd running here is for another machin
On Thu, Jan 15, 2009 at 08:10:44PM +0200, Dotan Cohen wrote:
> How can I start logging the passwords attempted as well as the
> usernames? Thanks.
I don't think the standard SSH daemon can log passwords. After all it
would be a security risk if passwords started appearing in log files.
As I under
> While in general I agree, in this case you could say that I am sitting
> here as a honeypot. No legitimate users will try connecting via SSH on
> port 22, and certainly not over the big bad internet. The only reason
> that I have sshd running here is for another machine on the LAN to ssh
> in on
passwords of SSH attacks
2009/1/16 Florian Mickler :
>> How can I start logging the passwords attempted as well as the
>> usernames? Thanks.
>>
> That's not possible without hacking in the ssh-sourcecodes, I assume.
>
> It would be a security nightmare to have the pa
2009/1/16 Florian Mickler :
>> How can I start logging the passwords attempted as well as the
>> usernames? Thanks.
>>
> That's not possible without hacking in the ssh-sourcecodes, I assume.
>
> It would be a security nightmare to have the passwords of users being
> logged. even if it would only b
On Thu, 15 Jan 2009 20:10:44 +0200
"Dotan Cohen" wrote:
> I get a few thousands of these every day in the logs:
> Illegal users from:
> 70.85.222.106 (sales.gbdweb.com): 518 times
>anna/password: 1 time
>apache/password: 1 time
>arthur/password: 1 time
>attack/
2009/1/15 Thierry Chatelet :
> You can try fail2ban to first kick the attacker out.
>
I am not that interested in the particular attacker, but I am
interested in knowing what passwords are being attempted.
--
Dotan Cohen
http://what-is-what.com
http://gibberish.co.il
א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-
On Thursday 15 January 2009 19:10:44 Dotan Cohen wrote:
> I get a few thousands of these every day in the logs:
> Illegal users from:
> 70.85.222.106 (sales.gbdweb.com): 518 times
>anna/password: 1 time
>apache/password: 1 time
>arthur/password: 1 time
>attack/pa
I get a few thousands of these every day in the logs:
Illegal users from:
70.85.222.106 (sales.gbdweb.com): 518 times
anna/password: 1 time
apache/password: 1 time
arthur/password: 1 time
attack/password: 1 time
awharton/password: 1 time
How can I start loggi