Security Incidents mailing list archives
Anyone else seeing a spike in SSHd scans?
From: "Jay D. Dyson" <jdyson () treachery net>
Date: Fri, 27 Jun 2003 12:55:52 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, I've seen an unusual spike in SSHd scans in the past 20 hours on systems I maintain for my employer and those I run on my own time. The largest spike began yesterday between 12:16 and 18:16 hours (PDT) and the others have begun trickling in on my non-work networks since around 08:00 hours today. It's all the usual suspects, of course: systems from Malaysia, the Netherlands, a DSL provider in Norway, and a Cable service in Taiwan. What's intrigued me about this is that SSHd scans had been fairly quiet for a time, then these scans generate more alerts than I've seen in the past two months on both work and personal systems. The last time a similar series of scans occurred (10/2001), I wondered aloud if there wasn't a new 0day exploit in the wild. Less than two weeks later, Dave Dittrich confirmed as much. So, to quote a phrase from Jurrasic Park, "Hold on to your butt." - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee"-. >====<--. C|~~|C|~~| (>----- Jay D. Dyson -- jdyson () treachery net -----<) | = |-' `--' `--' `Red meat isn't bad for you, fuzzy green meat is.' `------' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQE+/KFMNlg1oZSC9mkRAjS1AJ4tzm2kzHXvyjmIKyCX/KI/Xzb+wACfa0Ph 4TI2EDbo+kxZqisE5fiUkmk= =8s6l -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Anyone else seeing a spike in SSHd scans? Jay D. Dyson (Jun 27)
- Re: Anyone else seeing a spike in SSHd scans? Dave Laird (Jun 28)
- Re: Anyone else seeing a spike in SSHd scans? p00p (Jun 29)
- Re: Anyone else seeing a spike in SSHd scans? Dave Laird (Jun 29)
- Re: Anyone else seeing a spike in SSHd scans? p00p (Jun 29)
- Re: Anyone else seeing a spike in SSHd scans? Dave Laird (Jun 28)