Educause Security Discussion mailing list archives
Re: Uptick in SSH attempts; anyone else ?
From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Mon, 18 Jan 2010 13:22:21 -0600
It was widespread, Andrew. Seen here and lots of other places, too. - ken On 1/18/10 1:16 PM, Andrew Daviel wrote:
We monitor and block attempts to brute-force SSH logins. Usually we block a few a day, with at most about 60. Over the weekend we had a spike of over 500. I.e. 500 separate source addresses trying to login to multiple accounts/machines using 1000 different IDs. Anyone else seen this, or is it just us ? (BTW, my previous collection of attempted ID/passwords - from a hacked sshd - is at http://andrew.triumf.ca/ssh_pass_file2.html )
-- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373
Current thread:
- Uptick in SSH attempts; anyone else ? Andrew Daviel (Jan 18)
- <Possible follow-ups>
- Re: Uptick in SSH attempts; anyone else ? Lorenz, Eva (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Ken Connelly (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Anthony Maszeroski (Jan 18)