Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: targetted SSH bruteforce attacks
From: Frank Bures <lisfrank () chem toronto edu>
Date: Thu, 17 Jun 2010 10:42:32 -0400

Gary Baribault wrote:
I just knew that people would say that, and that's why I specified
that I WANT to keep SSH on 22 .. it's fun to see the attacks, and it's
interesting to see new types of attacks. The question here is whether
anyone else is seeing such a targeted attack.

I've seen an interesting SSH attack in the last couple of days on our /22
network.  Instead of probing port 22 on many machines in the shortest
possible time period as usual, this attack seems to be trying to be
stealthy.  It never attacks more than 4 machines in an hour and never twice
from the same IP address.  As all attacking addresses are subsequently
blocked, I wonder how long is it going to take for the guy(s) to run out of
available addresses at this rate :-)



<feeb () chem toronto edu>

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]