Educause Security Discussion mailing list archives

SSH Attack from Germany


From: Rowland Harrison <rharriso () ODU EDU>
Date: Tue, 31 Jul 2007 13:24:12 -0400

Beginning at about 6PM EDT, a lot of traffic began to be focused at a
single system in our Library.
Most of the traffic (116K / minutes) was SSH SYNs to our system from
67.15.101.24.
The admin's e-mail address for this system is @evlservers.net. (sounds bad
already)

I am hearing rumors that many other sites are seeing this same kind of
traffic.
We have routed the traffic to a null address, but it continues to come at
us at a rapid rate.
Network VA has now installed an IP route to null0 for Network VA and MATP.

Who else is seeing this traffic?
If you are also seeing this kind of thing, what are you doing to stop the
traffic even before it gets to your own front door?

* * * * * * * * * * * * * * * * * * * * *
Rowland B. Harrison
Old Dominion University
Office of Computing and Communications Services
Asst. Director - Information Security and Operations

Phone:  757-683-3210
FAX:      757-683-5155
* * * * * * * * * * * * * * * * * * * * *
