Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


usb keyboard connected randomly to dedi (hetzner)
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

usb keyboard connected randomly to dedi (hetzner)

KkkkmKkkkm Member
edited March 2022 in Help

hello,
to our concern, on a server we manage, without us ever asking for support, a
random usb keyboard was connected to the dedicated server, after over 100+ day uptime. Is this normal? usb rubber ducky?lol

We just managed to find the below on our dmesg logs..

]# dmesg -T
[Sat Feb 26 04:13:30 2022] usb 1-4: new high-speed USB device number 2
using xhci_hcd
[Sat Feb 26 04:13:31 2022] usb 1-4: device descriptor read/64, error -71
[Sat Feb 26 04:13:31 2022] usb 1-4: New USB device found,
idVendor=1a40, idProduct=0101, bcdDevice= 1.11
[Sat Feb 26 04:13:31 2022] usb 1-4: New USB device strings: Mfr=0,
Product=1, SerialNumber=0
[Sat Feb 26 04:13:31 2022] usb 1-4: Product: USB 2.0 Hub
[Sat Feb 26 04:13:31 2022] hub 1-4:1.0: USB hub found
[Sat Feb 26 04:13:31 2022] hub 1-4:1.0: 4 ports detected
[Sat Feb 26 04:13:31 2022] usb 1-4.1: new low-speed USB device number
3 using xhci_hcd
[Sat Feb 26 04:13:31 2022] usb 1-4.1: New USB device found,
idVendor=046d, idProduct=c31c, bcdDevice=64.00
[Sat Feb 26 04:13:31 2022] usb 1-4.1: New USB device strings: Mfr=1,
Product=2, SerialNumber=0
[Sat Feb 26 04:13:31 2022] usb 1-4.1: Product: USB Keyboard
[Sat Feb 26 04:13:31 2022] usb 1-4.1: Manufacturer: Logitech
[Sat Feb 26 04:13:31 2022] input: Logitech USB Keyboard as
/devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4.1/1-4.1:1.0/input/input4
[Sat Feb 26 04:13:31 2022] hid-generic 0003:046D:C31C.0001:
input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on
usb-0000:00:14.0-4.1/input0
[Sat Feb 26 04:13:31 2022] input: Logitech USB Keyboard as
/devices/pci0000:00/0000:00:14.0/usb1/1-4/1-4.1/1-4.1:1.1/input/input5
[Sat Feb 26 04:13:31 2022] hid-generic 0003:046D:C31C.0002:
input,hidraw1: USB HID v1.10 Device [Logitech USB Keyboard] on
usb-0000:00:14.0-4.1/input1
[Sat Feb 26 04:13:44 2022] usb 1-4: USB disconnect, device number 2
[Sat Feb 26 04:13:44 2022] usb 1-4.1: USB disconnect, device number 3

Comments

  • ExpertVMExpertVM Member, Host Rep

    Maybe a honest mistake since the person notice it after 10 seconds that the server he suppose to work on that the mouse not responding?

    Thanked by 1kkrajk
  • VitaVita Member

    Well if someone was trying to bruteforce your login credential from the DC via keyboard I guess you would see that in logs as well. Also they could have just staged an "incident" situation pull your disks and get the data they need :smiley: .

    So probably a mistake.

    Thanked by 2yoursunny Talistech
  • jarjar Patron Provider, Top Host, Veteran

    +1 to mistake. I can't imagine what you could do in such a short time frame that would be of any consequence.

  • Nuke it, they already have all your data

  • Hetzner_OLHetzner_OL Member, Top Host

    Hi there @Kkkkm - If you write to our support team via your Robot account, they can most likely tell you what happened here. --Katie

    Thanked by 1Talistech
Sign In or Register to comment.