funsec mailing list archives
Re: 'Cyber Attack' Aimed At Texas Electricity Provider
From: Valdis.Kletnieks () vt edu
Date: Sun, 04 Apr 2010 12:41:17 -0400
On Sat, 03 Apr 2010 22:16:13 PDT, Paul Ferguson said:
> Local 2 Investigates has uncovered details about a so-called "cyber attack" on one of Texas' largest electricity providers, Local 2 reported. A confidential e-mail obtained by Local 2 explains a "single IP address in China" tried 4,800 times to log in to the Lower Colorado River Authority's computer system.
I'm *hoping* that means somebody noticed 4,800 '-j DROP' for port 22 in their iptables logs. Of course, it was probably telnet or rlogin logging a bad password. If I had a nickel for every ssh woodpecker we see, I could retire to a bungalow on a nice beach somewhere in the cheaper part of the Pacific Rim. If I counted the ones we *don't* see because we don't even bother logging them, I'd probably have a McMansion on the expensive side of the Pacific Rim. ;)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.