Security Incidents: Re: Weird SSH attack last night and this morning (still ongoing)

From: Gary Baribault <gary_at_baribault.net>
Date: Wed, 14 May 2008 19:05:21 -0400

I doubt it, that's a man in the middle attack if I understood, this is a
kind of distributed brute force and as I said in a more recent post,
they are no longer only trying Root, but are using a list of alphabetic
logins so it has evolved.

Gary B

Mick Pollard wrote:
> On Wed, 07 May 2008 08:27:15 -0400
> Gary Baribault <gary_at_baribault.net> wrote:
>
> > I don't know what is going on last night and this morning ... I have
> > three Linux servers facing the Internet, two on cable modems and another
> > on a static IP/commercial connection and this last one is a gateway to a
> > Web/FTP/SMTP/Pop3/NTP Linux based system.
> >
> >
> > Of the three machines, one of them only had about 10 attempts, but the
> > other two had about 200 attempts .. all of them with only 1 try with the
> > user Root ..
> >
> > Is anyone else seeing this? or am I being targeted? This is still going
> > on now .. and it started around 10:00 last night GMT+4
>
> These aren't related to the recent OpenSSH advisory for Debian based
> distros ? [USN-612-2] OpenSSH vulnerability
> A bot looking for Debian based servers with weak SSH keys ?
> Just a thought.
> Just a thought.
>
> -
> Regards
> Mick Pollard ( lunix )
> ------------------------------------------------
> BOFH Excuse of the day:
> Extraneous Parity Interrupt
>
>
Received on May 14 2008
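
The pattern described in this thread (many sources, one failed login each, first for root and later for a list of alphabetic logins) shows up when failures are grouped by source rather than counted per host. The following is an added example, not part of the original posts: the log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd lines (documentation address ranges), not taken from the thread.
SAMPLE_LOG = """\
May  7 02:00:01 gw sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
May  7 02:00:09 gw sshd[1002]: Failed password for root from 192.0.2.11 port 40002 ssh2
May  7 02:00:17 gw sshd[1003]: Failed password for root from 198.51.100.5 port 40003 ssh2
May  7 02:00:25 gw sshd[1004]: Failed password for root from 203.0.113.7 port 40004 ssh2
May  7 02:01:02 gw sshd[1005]: Failed password for invalid user aaron from 203.0.113.8 port 40005 ssh2
May  7 02:01:10 gw sshd[1006]: Failed password for invalid user abby from 198.51.100.9 port 40006 ssh2
May  7 02:03:00 gw sshd[1007]: Failed password for gary from 192.0.2.200 port 40007 ssh2
May  7 02:03:05 gw sshd[1007]: Failed password for gary from 192.0.2.200 port 40007 ssh2
May  7 02:03:11 gw sshd[1007]: Failed password for gary from 192.0.2.200 port 40007 ssh2
May  7 02:03:20 gw sshd[1008]: Accepted password for gary from 192.0.2.200 port 40008 ssh2
"""

# Matches OpenSSH's "Failed password for [invalid user] NAME from ADDR port N" message.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(log_text):
    """Return a list of (user, source) tuples, one per failed-password line."""
    return [m.groups() for m in map(FAILED.search, log_text.splitlines()) if m]

def low_rate_sources(failures, max_tries=1):
    """Sources whose total failure count never exceeds max_tries."""
    per_source = Counter(src for _, src in failures)
    return {src for src, n in per_source.items() if n <= max_tries}

def targeted_users(failures, max_tries=1):
    """Map each login name to the number of distinct low-rate sources that tried it."""
    quiet = low_rate_sources(failures, max_tries)
    users = defaultdict(set)
    for user, src in failures:
        if src in quiet:
            users[user].add(src)
    return {user: len(srcs) for user, srcs in users.items()}

def is_distributed(failures, min_sources=5, max_tries=1):
    """True when many sources each stay under the per-source limit (thresholds are assumptions)."""
    return len(low_rate_sources(failures, max_tries)) >= min_sources

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print("failed attempts:", len(failures))
    print("low-rate sources:", len(low_rate_sources(failures)))
    print("logins tried by them:", targeted_users(failures))
    print("distributed pattern:", is_distributed(failures))
```

The three failures from 192.0.2.200 in the sample are a single host retrying one account, so they are excluded from the low-rate set and do not count toward the distributed pattern.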
