Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Voluminous SSHd scanning; possible worm activity?

From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 11 Dec 2001 10:13:47 +1300

On Sun, 9 Dec 2001 12:23:26 -0800 (PST) "Jay D. Dyson" 
<jdyson () treachery net> wrote:


-----BEGIN PGP SIGNED MESSAGE-----

Hi folks,

      I've been seeing a lot of SSHd scans of late.  That in itself
isn't odd, but the sheer volume of the scans is what's got my attention. 
These sorts of scans used to occur infrequently, but now they're coming
within minutes of each other, and they're coming from all over the globe. 

      Has anyone else seen this sort of thing from their systems?


I'm seeing four or five scans a day across two disparate network 
blocks. (i.e. *total* of four or five).


Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: