Educause Security Discussion mailing list archives
Re: Uptick in SSH attempts; anyone else ?
From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Mon, 18 Jan 2010 14:25:55 -0500
You are not alone - we observed the same here. See also: http://isc.sans.org/port.html?port=22 On 1/18/2010 2:16 PM, Andrew Daviel wrote:
We monitor and block attempts to brute-force SSH logins. Usually we block a few a day, with at most about 60. Over the weekend we had a spike of over 500. I.e. 500 separate source addresses trying to login to multiple accounts/machines using 1000 different IDs. Anyone else seen this, or is it just us ? (BTW, my previous collection of attempted ID/passwords - from a hacked sshd - is at http://andrew.triumf.ca/ssh_pass_file2.html )
-- - Anthony Maszeroski, CCNA, CISSP ----------------------------------- Information Security Manager The University of Scranton email : maszeroskia3 () scranton edu phone : 570-941-4226 -----------------------------------
Current thread:
- Uptick in SSH attempts; anyone else ? Andrew Daviel (Jan 18)
- <Possible follow-ups>
- Re: Uptick in SSH attempts; anyone else ? Lorenz, Eva (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Ken Connelly (Jan 18)
- Re: Uptick in SSH attempts; anyone else ? Anthony Maszeroski (Jan 18)