Educause Security Discussion mailing list archives
SSH Attack from Germany
From: Rowland Harrison <rharriso () ODU EDU>
Date: Tue, 31 Jul 2007 13:24:12 -0400
Beginning at about 6PM EDT, a lot of traffic began to be focused at a single system in our Library. Most of the traffic (116K / minutes) was SSH SYNs to our system from 67.15.101.24. The Admins e-mail address for this system is @evlservers.net. (sounds bad already) I am hearing rumors that many other sites are seeing this same kind of traffic. We have routed the traffic to a null address, but it continues to come at us at a rapid rate. Network Va has now installed an ip route to null0 for Network VA and MATP. Who else is seeing this traffic? If you are also seeing this kind of thing, what are you doing to stop the traffic even before it gets to your own front door? * * * * * * * * * * * * * * * * * * * * * Rowland B. Harrison Old Dominion University Office of Computing and Communications Services Asst. Director - Information Security and Operations Phone: 757-683-3210 FAX: 757-683-5155 * * * * * * * * * * * * * * * * * * * * *
Current thread:
- SSH Attack from Germany Rowland Harrison (Jul 31)