Educause Security Discussion mailing list archives
Re: Uptick in SSH scanning ?
From: Laurie Zirkle <lat () VT EDU>
Date: Thu, 11 Dec 2014 20:17:26 -0500
I have not gotten a count, but I know I've seen a lot more unique addresses and an uptick. Not as many huge brute force, more like spoofed and trying to stay under the radar by not tripping Fail2Ban or our iptables rate limits. -- Laurie On Thu, Dec 11, 2014 at 7:35 PM, Jason Gates <jasongates () southern edu> wrote:
Two /20 subnets here.. Today: 1135 unique addresses Yesterday: 1328 3 days ago: 1638 4 days ago: 400 5 days ago: 121 6 days and beyond: ~100 source ip address list attached.. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Daviel Sent: Thursday, December 11, 2014 6:44 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Uptick in SSH scanning ? We seem to have seen a 10x increase in SSH scans over the last few days. I wondered if that was a common experience. From something like 40 unique source addresses/day to a /16 subnet to over 1000 yesterday. -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager
Current thread:
- Uptick in SSH scanning ? Andrew Daviel (Dec 11)
- Re: Uptick in SSH scanning ? Joel L. Rosenblatt (Dec 11)
- Re: Uptick in SSH scanning ? Michael Benedetto (Dec 11)
- Re: Uptick in SSH scanning ? Jason Gates (Dec 11)
- Re: Uptick in SSH scanning ? Laurie Zirkle (Dec 11)
- Re: Uptick in SSH scanning ? Justin C. Klein Keane (Dec 18)
- Re: Uptick in SSH scanning ? Livio Ricciulli (Dec 18)
- <Possible follow-ups>
- Re: Uptick in SSH scanning ? Joseph Tam (Dec 12)
- Re: Uptick in SSH scanning ? Joel L. Rosenblatt (Dec 11)