Security Incidents: RE: Distributed Bruteforce against SSH

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: Distributed Bruteforce against SSH

From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Mon, 12 May 2008 14:01:52 -0400

I wanted to follow up on this after putting a little more thought into it.  Honestly, I'm quite impressed by the 
intelligence the botnet is exhibiting.  Based on the testing I've done, it's clear that the entire botnet is 
collectively sharing its position in the dictionary on a per-target basis.  Fairly slick, IMO.

-----Original Message-----
From: Gary Baribault [mailto:gary () baribault net]
Sent: Monday, May 12, 2008 11:28 AM
To: incidents () securityfocus com
Subject: Distributed Bruteforce against SSH

I guess what I reported last week was the warmup round ..
Where now getting thousands of attemped logins with the
standars dictionary of potential login names.

By Date By Thread

Current thread:

Distributed Bruteforce against SSH Gary Baribault (May 12)
- RE: Distributed Bruteforce against SSH Keith T. Morgan (May 12)
- RE: Distributed Bruteforce against SSH Keith T. Morgan (May 12)
  - Re: Distributed Bruteforce against SSH Tim Kennedy (May 12)
- Message not available
  - Re: Distributed Bruteforce against SSH Gary Baribault (May 12)