On Tue, 2004-08-03 at 19:01, Barry K. Nathan wrote:
> On Tue, Aug 03, 2004 at 05:42:51PM -0500, Jay Summers wrote:
> > Ditto there. I just sent a message today to one of my other user-lists
>
> You mean with sshd hanging, or just all the scans? (I've seen the latter
> but not the former.)
>
> It's crackers looking for people who are dumb enough to create an
> account named "test" with password "test" (or "guest"/"guest") and leave
> it accessible to anyone on the 'Net. Once they get in, they use kernel
> exploits to get root (if you have users/admins this dumb, *this* is why you
> need to keep the kernel up to date!) and then they install a rootkit...
>
> These people, whoever they are, are succeeding in breaking into more
> systems than you'd expect... :|

For more info on SuckIT, the rootkit in question, you can check out some
info at, e.g.:

http://www.incidents.org/diary.php?date=2004-07-23
http://www.phrack.org/show.php?p=58&a=7
http://www.broadbandreports.com/forum/remark,10854834

I've been getting these for some time now, and the admins I've bothered
to contact back have all confirmed they were hacked due to lazy security
protocols. Not a fair sampling technique but interesting nonetheless.

--
Paul W. Frields, RHCE

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
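An added example, not part of the original messages: a log check for the scans described in the thread, which counts failed sshd password attempts against the "test" and "guest" account names per source and flags any password login that succeeded for them. It assumes the usual OpenSSH password-auth syslog messages ("Failed password for ...", "Accepted password for ..."); the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Account names the thread says the scans try; extend for your own site.
WATCHED = {"test", "guest"}

# Assumed sshd syslog format: failed or accepted password, with the optional
# "illegal user" / "invalid user" marker that OpenSSH adds for unknown names.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def scan(lines):
    """Return (failed, accepted): failure counts per source address for the
    watched names, and (user, source) pairs for successful password logins."""
    failed = defaultdict(int)
    accepted = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("user") not in WATCHED:
            continue
        if m.group("result") == "Failed":
            failed[m.group("src")] += 1
        else:
            accepted.append((m.group("user"), m.group("src")))
    return dict(failed), accepted

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE = """\
Aug  3 18:02:11 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug  3 18:02:13 host sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40115 ssh2
Aug  3 18:05:40 host sshd[2120]: Accepted password for alice from 198.51.100.7 port 51500 ssh2
Aug  3 18:09:02 host sshd[2144]: Failed password for invalid user test from 203.0.113.5 port 33810 ssh2
Aug  3 18:09:04 host sshd[2146]: Accepted password for guest from 203.0.113.5 port 33812 ssh2
""".splitlines()

if __name__ == "__main__":
    failed, accepted = scan(SAMPLE)
    for src, count in sorted(failed.items()):
        print(f"{src}: {count} failed attempts on watched account names")
    for user, src in accepted:
        print(f"ALERT: password login as {user!r} from {src}; investigate this host")
```

An accepted login for one of these names is the case the thread warns about: the account exists with a guessable password, so the host should be checked for a rootkit and not just have the account removed.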