Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity?
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Tue, 11 Dec 2001 10:13:47 +1300
On Sun, 9 Dec 2001 12:23:26 -0800 (PST) "Jay D. Dyson" <jdyson () treachery net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hi folks, I've been seeing a lot of SSHd scans of late. That in itself isn't odd, but the sheer volume of the scans is what's got my attention. These sorts of scans used to occur infrequently, but now they're coming within minutes of each other, and they're coming from all over the globe. Has anyone else seen this sort of thing from their systems?
I'm seeing four or five scans a day across two disparate network blocks. (i.e. *total* of four or five). Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Armando Ortiz (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Russell Fulton (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Jacek Lipkowski (Dec 11)
- Re: Voluminous SSHd scanning; possible worm activity? Glenn Forbes Fleming Larratt (Dec 16)
- Re: Voluminous SSHd scanning; possible worm activity? Clarissa Cook (Dec 17)
- <Possible follow-ups>
- Re: Voluminous SSHd scanning; possible worm activity? Neil Dickey (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Jay D. Dyson (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Markus Friedl (Dec 10)
- RE: Voluminous SSHd scanning; possible worm activity? Schroeder, Eric (Dec 10)
- Re: Voluminous SSHd scanning; possible worm activity? Florian Weimer (Dec 10)
(Thread continues...)