[ale] 300,000 failed login attempts in 6 months!!!
Jim Popovitch
yahoo at jimpop.com
Tue Aug 19 18:36:42 EDT 2008
2008/8/19 Michael B. Trausch <mike at trausch.us>:
> Yes, but it's fairly trivial to detect it on any machine using a
> standard portscan:
>
> Interesting ports on localhost (127.0.0.1):
> 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
> 80/tcp open http lighttpd 1.4.19
> 631/tcp open ipp CUPS 1.2
> 5432/tcp open postgresql PostgreSQL DB
> 5900/tcp open vnc VNC (protocol 3.7)
> 8080/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
> 9050/tcp open tor-socks Tor SOCKS Proxy
> Service Info: OS: Linux
That's not a very well secured box if you can determine versions from ports. ;-)
Also, the latency in using nmap to discover ssh via nmap is less than
desirable when there are so many available default installs of ssh
(most of which probably have lame passwords for root)
-Jim P.
-Jim P.
More information about the Ale
mailing list