Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Strange validation attempts on DSHIELD project - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Strange validation attempts on DSHIELD project
Hello everyone

I'm one of the guys involved on DSHIELD project of this SANS website.

Today, I was reading the hits from my honeypot and I found the following strange validation attemps:

user:root
Password: system\x00

In some cases the bots try to validate with the following usernames:

shell\x00
enable\x00

I look forward to know, what kind of attempts are them... could it be a sheellcode/exploit for some IOT device? or maybe it is a mistake when the validation logs are parsed?

Thanks a lot for your support in advance!
DrGreen

7 Posts

Sign Up for Free or Log In to start participating in the conversation!