Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Uptick in SSH scanning ?

From: "Justin C. Klein Keane" <jukeane () SAS UPENN EDU>
Date: Thu, 18 Dec 2014 13:09:46 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

  we saw a massive uptick recently, but when we correlated the IP
addresses of attackers with Tor exit nodes we discovered that someone
figured out how to use Tor ;)

Justin C. Klein Keane, MA MCIT
Security Engineer
University of Pennsylvania, School of Arts & Sciences

The PGP signature on this mail can be verified using the public
key at https://sites.sas.upenn.edu/kleinkeane

On 12/11/14 6:44 PM, Andrew Daviel wrote:

We seem to have seen a 10x increase in SSH scans over the last few
days. I wondered if that was a common experience.

From something like 40 unique source addresses/day to a /16
subnet to over

1000 yesterday.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJUkxhoAAoJEIH7slQlJAgK/H4P/RoocMo0r9+Af6etBFQoe9lD
ptEKLUR3rRuO8ItBHMmhC5pKCzdzt6CRI2nQKX8ui5MpxwbRVvXntg1SpKxgu3+q
RZCpPdH9pR/C47jr664fmZj/HUMh1AkzSqZMFD7YPQ/bDOgnrAMRy8PPJd3UtRVC
pPeK3hMgOvFL/Q5WC4fvhRkkqW8+fLNNAD+qagdG2DEonsuThc2RDQCOKpz9hKK0
SSBEc11Lt/WXZfzHT7YI7u+9S2K8yAp1Hrkrc9AhY2zw4ZLfQOM6GoKYSviYhRBw
lM4e0n9XS9wYKq8tpzR4FOy0dPjrRdEQaBOw/lvOT7oCccEt77hiidCFCHIOq+nm
FdKYqokNK5FU987EeAxN17QydrfLjTiAUsiWWPUkOF0Aho0hdhLCA/ksa4JBB5ss
D5DpkSnbPB8sUT8zmxSqZ5wIcG3xUZM3LLmPQJt++Wa4uWwh8Sivj2HswTLzFzIY
LjVvF2nub0liVQJn880BDPLVLQu5P5UDXyHqJ/roIqk5kXOYDjKw9DvX/9xvWm9x
bwCcmaGWG4aGHqOZmbtU/PuDTSxxa8UH8DxjPMbypZMArbsybomKiGEXrlf8OOFQ
P6DIdY8GNywO7hPRLFFBUkc8IftXxynKc2GZQ1Fz5VyFbwpmUheoYd6pe9TakdmQ
qmPo/UDL/noLO3qjID+m
=kUzL
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: