Included is a list of usernames and corresponding passwords used in an ssh scan I observed. It indicates to me that it is trying statistically common (aka dumb) passwords on common usernames; I see no evidence of an attempt to measure timings to discover valid accounts.
Justin

Starred accounts are invalid users.

root administrator
root root
root rootroot
root root1
root 123456
root 1234567890
root qwerty
root administrator1
root admin
root backup
root admin1
root secure
root secret
root passwd
root password
root password123
*admin admin
*administrator administrator
root root
*admin admin
*test test
postgres postgres
*info info123
*alex alex
*alex alex123
*samba samba
*guest guest
*webmaster webmaster
mysql mysql
*oracle oracle
*library library
*info info
*shell shell
*linux linux
*unix unix
*webadmin webadmin
*ftp ftp
*test test123
root root123
*admin admin123
*guest guest123
*master master
*apache apache
root webadmin
root admin
root shell
root linux
root test
root webmaster
root mysql
*admin root
*admin administrator
*admin 12345
*admin 123456
root 123456
root 12345678
*test test12345
*test 123456
*webmaster 123456
*user user
*username username
*username password
*user password
root password
*admin password
*test password
root master
root apache
root unix
root redhat
*danny danny
*sharon sharon
*aron aron
*alex alex
*brett brett
*mike mike
*alan alan
*data data
www-data www-data
*http http
*httpd httpd
nobody nobody
root login
backup backup
*info 123456
*shop shop
*sales sales
*web web
*www www
*wwwrun wwwrun
*adam adam
*stephen stephen
*richard richard
*george george
*michael michael
*john john
*david david
*paul paul
news news
*angel angel
games games
*pgsql pgsql
*pgsql pgsql123
mail mail
*adm adm
*ident ident
*resin resin
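An added example, not part of the original post: one way to spot this kind of dictionary scan from the defender's side by tallying sshd "Failed password" lines per source address and marking invalid usernames with a star, as in the list above. The log lines are constructed samples in OpenSSH's syslog format, and the `min_users` threshold is an assumption; stock sshd logs the username tried, not the password.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 10 03:14:03 host sshd[2103]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Jan 10 03:14:05 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Jan 10 03:14:07 host sshd[2107]: Failed password for postgres from 192.0.2.10 port 40004 ssh2
Jan 10 03:14:09 host sshd[2109]: Failed password for invalid user guest from 192.0.2.10 port 40005 ssh2
Jan 10 03:14:11 host sshd[2111]: Failed password for root from 192.0.2.10 port 40006 ssh2
Jan 10 09:30:00 host sshd[3001]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jan 10 09:30:09 host sshd[3001]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
"""

# "invalid user " is present only when the account does not exist on the host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source IP: failure count, usernames tried, and which of them were invalid."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["failures"] += 1
        s["users"].add(m["user"])
        if m["invalid"]:
            s["invalid"].add(m["user"])
    return dict(stats)

def dictionary_scanners(stats, min_users=4):
    """Flag sources whose failures spread across many usernames.
    min_users is an assumed threshold; tune it for the host."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in dictionary_scanners(stats):
        s = stats[ip]
        marked = sorted(("*" + u) if u in s["invalid"] else u for u in s["users"])
        print(ip, s["failures"], "failures:", " ".join(marked))
```

A single user mistyping a password, like the constructed `alice` lines, stays below the threshold because the failures all target one account.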

