funsec mailing list archives

Re: 'Cyber Attack' Aimed At Texas Electricity Provider


From: Valdis.Kletnieks () vt edu
Date: Sun, 04 Apr 2010 12:41:17 -0400

On Sat, 03 Apr 2010 22:16:13 PDT, Paul Ferguson said:

> Local 2 Investigates has uncovered details about a so-called "cyber attack"
> on one of Texas' largest electricity providers, Local 2 reported.
>
> A confidential e-mail obtained by Local 2 explains a "single IP address in
> China" tried 4,800 times to log in to the Lower Colorado River Authority's
> computer system.

I'm *hoping* that means somebody noticed 4,800 '-j DROP' for port 22 in their
iptables logs. Of course, it was probably telnet or rlogin logging a bad
password. 

If I had a nickel for every ssh woodpecker we see, I could retire to a bungalow
on a nice beach somewhere in the cheaper part of the Pacific Rim. If I counted
the ones we *don't* see because we don't even bother logging them, I'd probably
have a McMansion on the expensive side of the Pacific Rim. ;)


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
