Educause Security Discussion mailing list archives

Re: Uptick in SSH attempts; anyone else ?


From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Mon, 18 Jan 2010 14:25:55 -0500

You are not alone - we observed the same here. See also:

http://isc.sans.org/port.html?port=22

On 1/18/2010 2:16 PM, Andrew Daviel wrote:
We monitor and block attempts to brute-force SSH logins.
Usually we block a few a day, with at most about 60.

Over the weekend we had a spike of over 500. I.e. 500 separate source
addresses trying to log in to multiple accounts/machines using 1000
different IDs.

Anyone else seen this, or is it just us?

(BTW, my previous collection of attempted ID/passwords - from a hacked
sshd - is at http://andrew.triumf.ca/ssh_pass_file2.html )


--
- Anthony Maszeroski, CCNA, CISSP
-----------------------------------
Information Security Manager
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226
-----------------------------------
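
Added example, not part of the original messages: one way to measure the kind of spike described in this thread, by counting distinct source addresses and distinct attempted user names per day from sshd failure lines and flagging days above the usual maximum of about 60 sources. The OpenSSH "Failed password" syslog line format, the host name `gw`, and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed OpenSSH syslog line:
#   "Jan 16 03:00:00 gw sshd[1000]: Failed password for invalid user bob from 198.51.100.1 port 40000 ssh2"
# The user name is remote-supplied text, so the source address is taken from the
# END of the line; a name containing " from <addr> port <n>" cannot spoof it.
FAILED = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<dom>\d{1,2})\s+\d\d:\d\d:\d\d\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<src>\S+) port \d+ ssh2\s*$"
)

def summarize(lines):
    """Return {day: (distinct source addresses, distinct user names)} for failed logins."""
    sources, users = defaultdict(set), defaultdict(set)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        day = f"{m['mon']} {int(m['dom'])}"
        sources[day].add(m["src"])
        users[day].add(m["user"])
    return {d: (len(sources[d]), len(users[d])) for d in sources}

def spike_days(summary, usual_max=60):
    """Days whose distinct-source count exceeds the usual daily maximum."""
    return sorted(d for d, (n_src, _) in summary.items() if n_src > usual_max)

def constructed_sample():
    """Constructed log: a quiet day, then 500 sources trying 1000 user names."""
    lines = [
        "Jan 15 09:01:02 gw sshd[811]: Failed password for root from 192.0.2.7 port 40022 ssh2",
        "Jan 15 09:01:09 gw sshd[811]: Failed password for invalid user test from 192.0.2.7 port 40031 ssh2",
        "Jan 15 11:30:00 gw sshd[902]: Accepted password for alice from 192.0.2.50 port 51000 ssh2",
        # user name crafted to look like a different source address
        "Jan 15 12:00:00 gw sshd[950]: Failed password for invalid user x from 10.0.0.1 port 22 "
        "from 192.0.2.9 port 40100 ssh2",
    ]
    for i in range(500):
        net = "198.51.100" if i < 250 else "203.0.113"
        for u in (2 * i, 2 * i + 1):
            lines.append(f"Jan 16 03:{i // 60:02d}:{i % 60:02d} gw sshd[{1000 + i}]: "
                         f"Failed password for invalid user user{u} from {net}.{i % 250} port 40000 ssh2")
    return lines

if __name__ == "__main__":
    summary = summarize(constructed_sample())
    print(summary, spike_days(summary))
```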
