Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SSH probe attack afoot?
From: Barrie Dempster <barrie () reboot-robot net>
Date: Mon, 07 Feb 2005 20:24:40 +0000

On Sun, 2005-02-06 at 10:09 -0500, Bernie Cosell wrote:
We're now getting hammered with the third round of ssh probes in the last 
four days [one from CA, one from Brazil and one from Virginia].  I was 
wondering: is there some virus or the like floating around now that 
leaves an ssh-hammering zombie in its wake?  Or is it just coincidental 
that we have gotten three floods?

[the probes are just dozens of random-seeming login attempts with a bunch 
of root-password-guesses interspersed]

  /Bernie\


Multiple SSH brute force tools,which has been covered on this list and
others a few times over the last year.

http://www.securityfocus.com/archive/75/200407271059.11940.robin () kallisti net nz/2005-02-04/2005-02-10/0
http://www.google.com/search?num=100&hl=en&safe=off&q=ssh+brute
+force&spell=1

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]


Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • Re: SSH probe attack afoot? Barrie Dempster (Feb 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault