SSH Password attacks using domain name elements as userid

Published: 2012-01-27
Last Updated: 2012-01-27 10:08:01 UTC
by Mark Hofman (Version: 1)
1 comment(s)

A reader (Thanks Jim!) mentioned earlier today that his SSH logs were showing access attempts utilising elements of the reverse DNS name of the IP address being accessed.  For example using  isc.sans.org results in the userids isc, sans and org. This may be cause a number of hosting providers use the domain name itself as the userid for shell access for customers.  In light of the breach at dreamhost earlier this week http://blog.dreamhost.com/2012/01/21/security-update/ this may be what is going on. 

If you are noticing the same in your logs and you can share some log lines please send some in as I'd be interested in taking a peek.

Mark H

 

Keywords:
1 comment(s)

CISCO Ironport C & M Series telnet vulnerability

Published: 2012-01-27
Last Updated: 2012-01-27 09:52:03 UTC
by Mark Hofman (Version: 1)
0 comment(s)

In case you missed it there is a vulnerability in the CISCO Ironport telnet service. Details can be found here http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport

To mitigate the risk (if you can't upgrade just yet) is to switch off telnet on the device and use SSH to manage it instead.

Mark H

Keywords: CISCO ironport
0 comment(s)
ISC StormCast for Friday, January 27th 2012 http://isc.sans.edu/podcastdetail.html?id=2287

Comments

cwqwqwq
eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>
WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]
dwqqqwqwq mashood
[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)
[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]
What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/

Diary Archives