Educause Security Discussion mailing list archives
Re: Uptick in SSH attempts; anyone else ?
From: "Lorenz, Eva" <evalorenz () UNC EDU>
Date: Mon, 18 Jan 2010 14:18:35 -0500
We had an increased number of SSH attempts over the weekend, starting late Friday night. Fri to Sat IPs from European countries, a lot of German IPs, then also some US, China, Brazil and Russia Sat to Sunday Germany, Russia and Brazil - Eva ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Daviel [advax () TRIUMF CA] Sent: Monday, January 18, 2010 2:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Uptick in SSH attempts; anyone else ? We monitor and block attempts to brute-force SSH logins. Usually we block a few a day, with at most about 60. Over the weekend we had a spike of over 500. I.e. 500 separate source addresses trying to login to multiple accounts/machines using 1000 different IDs. Anyone else seen this, or is it just us ? (BTW, my previous collection of attempted ID/passwords - from a hacked sshd - is at http://andrew.triumf.ca/ssh_pass_file2.html ) -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager
Current thread:
- Uptick in SSH attempts; anyone else ? Andrew Daviel (Jan 18)
- <Possible follow-ups>
- Re: Uptick in SSH attempts; anyone else ? Lorenz, Eva (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Ken Connelly (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Anthony Maszeroski (Jan 18)