
[Full-Disclosure] Re: Any update on SSH brute force attempts?



Jay Libove wrote:
Recently, a couple of times a week, I see repeats of this which now have
as many as fifty different accounts being attacked.  (Almost none of which
exist on my server, and none of which will have common passwords
thankyouverymuch).

By the way, I started to suspect that the attacks were intentional (not just some games by some script kiddies.) I had some servers accepting SSH connections from anywhere (this is for easy access, and I know it is not a very good idea.)

Before I set up a Portsentry-like mechanism to block the bad hosts, I got at
least 5-6 attempts per day. Afterward, I got nearly none (just some 1-2
attempts a day.) The change looks simply too much for me. If I got some
number of attacks a day, I would expect the same number of attacks the next
day if the attacks were automatically done by some virus/worms. I wished that
it was done by some virus, because (I think) a virus is not more malicious
than a planned cracking behaviour.

Does anyone have the same observations as me? It should be great if you saw
it and shared your ideas.

Miriam.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html