[plug] 203.236.241.42 / ndyne.com

James Devenish devenish at guild.uwa.edu.au
Mon Aug 23 17:24:09 WST 2004


In message <4129B67A.3080809 at westnet.com.au>
on Mon, Aug 23, 2004 at 05:18:50PM +0800, Kai wrote:
> Anyone getting a lot of login attempts from this IP with the usernames 
> admin, root and test ?

Surely this is the SSH worm that has been around for a few weeks. I
don't know if it's a binary exploit or just a weak password exploit.
I assume there's an online reference for this, but I don't have one.
A web search with the terms 'ssh worm admin test guest' reveals:
http://www.securityfocus.com/archive/75/370288/2004-07-31/2004-08-06/2





More information about the plug mailing list