Not that I would suggest any particular course of action for anyone but something just occurred to me. If a machine is probing my system using a known SSH exploit, that probably means that someone else has compromised that system and that it is wide open. Given that these shell accounts that are part of the exploit are known far and wide, what would happen if I used the same known shell accounts to log into one of these compromised systems, I would be able to inform the owner that their system was compromised and shut the system down so that it is not a threat to the rest of the Net anymore?
It is VERY possible to do something like this since the ssh exploits are using accounts like: root:root oracle:oracle user:user and the like. -- Bryan Phinney
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
