Educause Security Discussion mailing list archives

Re: Uptick in SSH attempts; anyone else ?

From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Mon, 18 Jan 2010 13:22:21 -0600

It was widespread, Andrew.  Seen here and lots of other places, too.

- ken

On 1/18/10 1:16 PM, Andrew Daviel wrote:

We monitor and block attempts to brute-force SSH logins.
Usually we block a few a day, with at most about 60.

Over the weekend we had a spike of over 500. I.e. 500 separate source
addresses trying to login to multiple accounts/machines using 1000
different IDs.

Anyone else seen this, or is it just us ?

(BTW, my previous collection of attempted ID/passwords - from a hacked
sshd - is at http://andrew.triumf.ca/ssh_pass_file2.html )


--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Current thread:

Uptick in SSH attempts; anyone else ? Andrew Daviel (Jan 18)
- <Possible follow-ups>
- Re: Uptick in SSH attempts; anyone else ? Lorenz, Eva (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Ken Connelly (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Anthony Maszeroski (Jan 18)