Hi Justin, Part of what I'd like to (dis)prove is that they are making a 'second run' from this or another machine to hit that accounts that it believes are valid...any chance you could keep your testing up for a while?
Thx, Greg On Mon, 2005-20-06 at 23:15 -0400, Justin Pryzby wrote: > Included is a list of usernames and corresponding passwords used in an > ssh scan I observed. It indicates to me that it is trying > statistically common (aka dumb) passwords on common usernames; I see > no evidence of an attempt to measure timings to discover valid > accounts. > > Justin > > Starred accounts are invalid users. > > root administrator > root root > root rootroot > root root1 > root 123456 > root 1234567890 > root qwerty > root administrator1 > root admin > root backup > root admin1 > root secure > root secret > root passwd > root password > root password123 > *admin admin > *administrator administrator > root root > *admin admin > *test test > postgres postgres > *info info123 > *alex alex > *alex alex123 > *samba samba > *guest guest > *webmaster webmaster > mysql mysql > *oracle oracle > *library library > *info info > *shell shell > *linux linux > *unix unix > *webadmin webadmin > *ftp ftp > *test test123 > root root123 > *admin admin123 > *guest guest123 > *master master > *apache apache > root webadmin > root admin > root shell > root linux > root test > root webmaster > root mysql > *admin root > *admin administrator > *admin 12345 > *admin 123456 > root 123456 > root 12345678 > *test test12345 > *test 123456 > *webmaster 123456 > *user user > *username username > *username password > *user password > root password > *admin password > *test password > root master > root apache > root unix > root redhat > *danny danny > *sharon sharon > *aron aron > *alex alex > *brett brett > *mike mike > *alan alan > *data data > www-data www-data > *http http > *httpd httpd > nobody nobody > root login > backup backup > *info 123456 > *shop shop > *sales sales > *web web > *www www > *wwwrun wwwrun > *adam adam > *stephen stephen > *richard richard > *george george > *michael michael > *john john > *david david > *paul paul > news news > *angel angel > games games > *pgsql pgsql > *pgsql pgsql123 > mail mail > *adm adm > *ident ident > *resin resin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
