Educause Security Discussion mailing list archives
Re: Uptick in SSH scanning ?
From: Michael Benedetto <mbenedetto () AMNH ORG>
Date: Fri, 12 Dec 2014 04:41:34 +0000
Same thing here. We had at least a tenfold increase in SSH scanning from a wide distribution of IPs. Mike Benedetto -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel L. Rosenblatt Sent: Thursday, December 11, 2014 6:49 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Uptick in SSH scanning ? Hi, We saw Type probes unique IPs 22/tcp 15377395 190 in the last 24 hours - A little higher than normal Thanks, Joel Rosenblatt Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 On Fri, Dec 12, 2014 at 8:44 AM, Andrew Daviel <advax () triumf ca> wrote:
We seem to have seen a 10x increase in SSH scans over the last few days. I wondered if that was a common experience. From something like 40 unique source addresses/day to a /16 subnet to over 1000 yesterday. -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager
Current thread:
- Uptick in SSH scanning ? Andrew Daviel (Dec 11)
- Re: Uptick in SSH scanning ? Joel L. Rosenblatt (Dec 11)
- Re: Uptick in SSH scanning ? Michael Benedetto (Dec 11)
- Re: Uptick in SSH scanning ? Jason Gates (Dec 11)
- Re: Uptick in SSH scanning ? Laurie Zirkle (Dec 11)
- Re: Uptick in SSH scanning ? Justin C. Klein Keane (Dec 18)
- Re: Uptick in SSH scanning ? Livio Ricciulli (Dec 18)
- <Possible follow-ups>
- Re: Uptick in SSH scanning ? Joseph Tam (Dec 12)
- Re: Uptick in SSH scanning ? Joel L. Rosenblatt (Dec 11)