I get daily security reports from the hosts I manage. Typically these contain invalid user attempts for users like guest, www, and root. (Although FreeBSD doesn't allow remote logins for root, I was surprised to find out that many Linux distributions allow them.)
Today's log surprised me, because it contained only Greek names. Here is an excerpt from the log.
Aug 1 00:19:42 istlab sshd[22137]: Invalid user achaikos from 210.17.252.20 Aug 1 00:19:45 istlab sshd[22191]: Invalid user achilleus from 210.17.252.20 Aug 1 00:19:48 istlab sshd[22218]: Invalid user actaeon from 210.17.252.20 Aug 1 00:19:51 istlab sshd[22244]: Invalid user acteon from 210.17.252.20 Aug 1 00:19:55 istlab sshd[22279]: Invalid user adelpha from 210.17.252.20 Aug 1 00:19:58 istlab sshd[22302]: Invalid user adelphe from 210.17.252.20 Aug 1 00:20:01 istlab sshd[22321]: Invalid user adelphie from 210.17.252.20 Aug 1 00:20:04 istlab sshd[22353]: Invalid user adonia from 210.17.252.20 Aug 1 00:20:08 istlab sshd[22387]: Invalid user adonis from 210.17.252.20 Aug 1 00:20:11 istlab sshd[22400]: Invalid user adrasteia from 210.17.252.20 Aug 1 00:20:14 istlab sshd[22417]: Invalid user adrastos from 210.17.252.20The attack came from a Hong-Kong-based machine, and the list contained many exotic names while also missing many common ones. Therefore, I doubt that this was a local attack. A Google search revealed that the name list was obtained by merging male Greek names and female Greek names from http://www.20000-names.com. Most probably an attack tool contains lists of names for specific countries (the same site also provides, African, Chinese, English, French, German, Hebrew, Irish, Italian, Japanese, Polish, Spanish, and Welsh names). The tool also maps the IP address of the host it attacks to a specific country, for instance, through the geolocation data of the IP-to-Country databases. Finally, the attack tool uses the country-specific list for trying to log in to those accounts. Attackers seem to be getting more sophisticated with every passing day. Comments Toot! Tweet
Navigation
Tagged as
Become a Unix command line wizard
Debug like a master
Compute with style
Recent posts
Twitter's overrated dissemination capacity
(2023-04-02)
The hypocritical call to pause giant AI (2023-03-30)
AI deforests the knowledge’s ecosystem (2023-03-16)
How I fixed git-grep macOS UTF-8 support (2022-10-12)
The sorry state of software quality (2022-03-10)
Rather than alchemy, methodical troubleshooting (2021-11-27)
The Evolution of the Unix System Architecture (2021-06-18)
Reviving the 1973 Unix text to voice translator (2021-01-02)
Fast database UPDATE/DELETE operations (2020-12-10)
Raspberry Pi 400 vs ZX Spectrum (2020-11-02)
The hypocritical call to pause giant AI (2023-03-30)
AI deforests the knowledge’s ecosystem (2023-03-16)
How I fixed git-grep macOS UTF-8 support (2022-10-12)
The sorry state of software quality (2022-03-10)
Rather than alchemy, methodical troubleshooting (2021-11-27)
The Evolution of the Unix System Architecture (2021-06-18)
Reviving the 1973 Unix text to voice translator (2021-01-02)
Fast database UPDATE/DELETE operations (2020-12-10)
Raspberry Pi 400 vs ZX Spectrum (2020-11-02)
Last modified: Thursday, August 2, 2007 10:01 am
Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.