[Eug-lug] source of ssh scanner

Po Petz po at ciphermonkeys.org
Wed Aug 25 11:49:53 PDT 2004


On Wed, 25 Aug 2004, larry price wrote:

> I rather doubt that anyone on this list is using passwords this weak.

You'd also have to be running OpenSSH with "PermitRootLogin yes" for all
the checkauth("root",,) calls, no?

> I guess I'm mildly surprised at how crude the damn thing is, couldn't
> they at least use a loadable dictionary?

Some of the scanners that end up in rootkits are pretty pathetic programs
with library code pasted right in.  This one is impressive in that it
doesn't just call system("/usr/bin/ssh");.  :)

-po


More information about the EUGLUG mailing list