Nmap Security Scanner
 Intro
Ref Guide
Install Guide
Download
Changelog
Book
Docs
Security Lists
Nmap Hackers
Nmap Dev
Bugtraq
Full Disclosure
Pen Test
Basics
More
Security Tools
Pass crackers
Sniffers
Vuln Scanners
Web scanners
Wireless
Exploitation
Packet crafters
More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
|
 |
Security Incidents
mailing list archives
Re: Weird SSH attack last night and this morning (still ongoing)
From: Gary Baribault <gary () baribault net>
Date: Wed, 14 May 2008 19:05:21 -0400
I doubt it, that's a man in the middle attack if I understood, this is a
kind of distributed brute force and as I said in a more recent post,
they are no longer only trying Root, but are using a list of alphabetic
logins so it has evolved.
Gary B
Mick Pollard wrote:
On Wed, 07 May 2008 08:27:15 -0400
Gary Baribault <gary () baribault net> wrote:
> I don't know what is going on last night and this morning ... I have
> three Linux servers facing the Internet, two on cable modems and another
> on a static IP/commercial connection and this last one is a gateway to a
> Web/FTP/SMTP/Pop3/NTP Linux based system.
>
> Of the three machines, one of them only had about 10 attempts, but the
> other two had about 200 attempts .. all of them with only 1 try with the
> user Root ..
>
> Is any one else seing this? or am I being targeted? This is still going
> on now .. and it started arround 10:00 last night GMT+4
These aren't related to the recent openssh advisory for debian based
distros ? [USN-612-2] OpenSSH vulnerability
A bot looking for debian based servers with weak ssh keys ?
Just a thought.
-
Regards
Mick Pollard ( lunix )
------------------------------------------------
BOFH Excuse of the day:
Extraneous Parity Interrupt
 By Date 
By Thread
Current thread:
- Re: Weird SSH attack last night and this morning (still ongoing), (continued)
|
|
