Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Security Incidents: Re: Weird SSH attack last night and this morning (still ongoing)

Re: Weird SSH attack last night and this morning (still ongoing)

From: Mick Pollard <lists_at_lunix.com.au>
Date: Wed, 14 May 2008 18:25:30 +1000

On Wed, 07 May 2008 08:27:15 -0400
Gary Baribault <gary_at_baribault.net> wrote:

> I don't know what is going on last night and this morning ... I have
> three Linux servers facing the Internet, two on cable modems and another
> on a static IP/commercial connection and this last one is a gateway to a
> Web/FTP/SMTP/Pop3/NTP Linux based system.
>

> Of the three machines, one of them only had about 10 attempts, but the
> other two had about 200 attempts .. all of them with only 1 try with the
> user Root ..
>
> Is any one else seing this? or am I being targeted? This is still going
> on now .. and it started arround 10:00 last night GMT+4
These aren't related to the recent openssh advisory for debian based
distros ? [USN-612-2] OpenSSH vulnerability
A bot looking for debian based servers with weak ssh keys ?
Just a thought.

-
Regards
Mick Pollard ( lunix )
------------------------------------------------
BOFH Excuse of the day:
Extraneous Parity Interrupt

  • application/pgp-signature attachment: stored
Received on May 14 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]