|
Security Incidents
mailing list archives
Re: Weird SSH attack last night and this morning (still ongoing)
From: Mick Pollard <lists () lunix com au>
Date: Wed, 14 May 2008 18:25:30 +1000
On Wed, 07 May 2008 08:27:15 -0400
Gary Baribault <gary () baribault net> wrote:
I don't know what is going on last night and this morning ... I have
three Linux servers facing the Internet, two on cable modems and another
on a static IP/commercial connection and this last one is a gateway to a
Web/FTP/SMTP/Pop3/NTP Linux based system.
Of the three machines, one of them only had about 10 attempts, but the
other two had about 200 attempts .. all of them with only 1 try with the
user Root ..
Is any one else seing this? or am I being targeted? This is still going
on now .. and it started arround 10:00 last night GMT+4
These aren't related to the recent openssh advisory for debian based
distros ? [USN-612-2] OpenSSH vulnerability
A bot looking for debian based servers with weak ssh keys ?
Just a thought.
-
Regards
Mick Pollard ( lunix )
------------------------------------------------
BOFH Excuse of the day:
Extraneous Parity Interrupt
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- Re: Weird SSH attack last night and this morning (still ongoing), (continued)
Re: Weird SSH attack last night and this morning (still ongoing) Valdis . Kletnieks (May 07)
Re: Weird SSH attack last night and this morning (still ongoing) bugtraq (May 07)
Message not available
Re: Weird SSH attack last night and this morning (still ongoing) Brent Kearney (May 07)
Re: Weird SSH attack last night and this morning (still ongoing) Mick Pollard (May 14)
| 
Intro
