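The Morris worm had three attack methods, one of which was trying to log in to the RSH (remote shell) service with common usernames and passwords.
RSH came out in 1998; it gave system administrators a great (though insecure) way to connect remotely to a machine and manage it by running a series of terminal commands on the host.
Later, a key-based encryption algorithm was added to RSH to protect the data it passed over the network; this became the SSH (secure shell) protocol, which eventually replaced RSH.
However, this does little to defend against brute-force login attempts that use common usernames and passwords. SSH worms have proven to be a very successful and common way of attacking SSH.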
Tue Jul 18 13:49:00 2017 [pid 12371] CONNECT: Client "140.205.225.191"
Tue Jul 18 13:49:02 2017 [pid 12370] [user] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:03 2017 [pid 12373] CONNECT: Client "140.205.225.191"
Tue Jul 18 13:49:05 2017 [pid 12372] [user] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:06 2017 [pid 12375] CONNECT: Client "140.205.225.191"
Tue Jul 18 13:49:08 2017 [pid 12374] [user] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:11 2017 [pid 12374] [user] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:12 2017 [pid 12377] CONNECT: Client "140.205.225.191"
Tue Jul 18 13:49:14 2017 [pid 12376] [user] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:17 2017 [pid 12376] [user] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:18 2017 [pid 12379] CONNECT: Client "140.205.225.191"
Tue Jul 18 13:49:20 2017 [pid 12378] [root] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:23 2017 [pid 12378] [root] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:24 2017 [pid 12381] CONNECT: Client "140.205.225.191"
Tue Jul 18 13:49:27 2017 [pid 12380] [root] FAIL LOGIN: Client "140.205.225.191"
Tue Jul 18 13:49:27 2017 [pid 12383] CON
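
The repeated failed logins in the log excerpt above can be detected automatically. The following Python is an added example, not code from the original page: it parses lines in that format and flags any client whose failed logins reach a threshold inside a sliding time window. The function names, the threshold and window values, and the sample lines (constructed, using documentation address ranges) are assumptions, and the lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# FAIL LOGIN lines in the format of the excerpt above; CONNECT lines do not match.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"')

def parse_failures(lines):
    """Yield (timestamp, user, client) for each well-formed FAIL LOGIN line."""
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if m:  # truncated or unrelated lines are skipped, not guessed at
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            yield ts, m.group("user"), m.group("ip")

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each client with >= threshold failures in one window to the usernames it tried."""
    recent = defaultdict(deque)   # client -> failure times still inside the window
    users = defaultdict(set)      # client -> every username seen failing
    flagged = {}
    for ts, user, ip in parse_failures(lines):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = users[ip]
    return flagged

# Constructed sample (documentation address ranges), not taken from the page.
SAMPLE = """\
Tue Jul 18 13:49:00 2017 [pid 101] CONNECT: Client "203.0.113.7"
Tue Jul 18 13:49:02 2017 [pid 100] [user] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 18 13:49:05 2017 [pid 102] [user] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 18 13:49:08 2017 [pid 104] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 18 13:49:11 2017 [pid 104] [root] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 18 13:49:14 2017 [pid 106] [root] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 18 13:50:30 2017 [pid 110] [alice] FAIL LOGIN: Client "198.51.100.20"
Tue Jul 18 14:20:30 2017 [pid 111] [alice] FAIL LOGIN: Client "198.51.100.20"
Tue Jul 18 14:20:31 2017 [pid 112] CON
""".splitlines()

if __name__ == "__main__":
    for ip, names in detect_bruteforce(SAMPLE).items():
        print(ip, sorted(names))
```

A user who mistypes a password twice half an hour apart stays below the threshold, while the client cycling through several usernames within seconds is flagged along with the names it tried.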