On Sat, 18 Sep 2004 14:18:32 +0200 Willem Jan Withagen <wjw@withagen.nl> wrote: | Hi, | | Is there a security problem with ssh that I've missed??? | Ik keep getting these hords of: | Failed password for root from 69.242.5.195 port 39239 ssh2 | with all kinds of different source addresses. FYI, the past month there were a couple of (quite long) threads on this thing on bugtraq and incidents @securityfocus. It seems to be some worm that scans for weak passwords, someone on incidents published a webpage on this stuff here: http://www.jaenicke.org/sk/ with the binaries used and an irc log chatting with one of the kiddies. The sources seems to mainly be cracked boxes with, aemh... blank root passwords. (everytime I read the previous 3 words together I shudder, apologies if they have the same effect on you :) | they're back and keep clogging my logs. | Is there a "easy" way of getting these ip-numbers added to the | blocking-list of ipfw?? I've just moved the public port of the sshd on another port, quite lame but at least I'm not bothered by worms :) HTH Frankye -- Frankye Fattarelli |U| |P| |S|F| frankye.DIESPAMMERSDIE@ipv5.net |R| |S| |Y|I| this email is RFC 3514 compliant |G| |H| |N|N| _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"