Full Disclosure mailing list archives
Re: targetted SSH bruteforce attacks
From: Valdis.Kletnieks () vt edu
Date: Thu, 17 Jun 2010 10:15:15 -0400
On Thu, 17 Jun 2010 07:48:18 EDT, Gary Baribault said:
Both of these systems are within one /21 and get attacked regularly. I run Denyhosts on them, and update the central server once an hour with attacking IPs, and obviously also download the public hosts.deny list. These machines get hit regularly, so often that I don't really care, it's fun to make the script kiddies waste their time! But in this instance, only my home box is being attacked... someone is burning a lot of cycles and hosts to do a distributed dictionary attack on my one box!
One of two things springs to mind: 1) when they scanned your address space looking for SSH hosts to try to whack, your one host didn't report as a target for some random reason. 2) they're handling their list of targets in a pseudo-random order. We've seen attacking IPs pound on 2 or 3 hosts in our /16 for a few days, then go away, and 2-3 weeks later return to pound on other targets. Bottom line: Either they didn't notice your other box, or they'll get around to poking it in a few weeks...
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SECURITY] [DSA 2062-1] New sudo packages fix environment sanitization bypass vulnerability Giuseppe Iuculano (Jun 17)
- targetted SSH bruteforce attacks Gary Baribault (Jun 17)
- Re: targetted SSH bruteforce attacks Emmanuel VERCHERE (Jun 17)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 17)
- Re: targetted SSH bruteforce attacks Randal L. Schwartz (Jun 17)
- Re: targetted SSH bruteforce attacks Paul Schmehl (Jun 17)
- Re: targetted SSH bruteforce attacks Emmanuel VERCHERE (Jun 17)
- Re: targetted SSH bruteforce attacks Adam Richards (Jun 17)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 17)
- Re: targetted SSH bruteforce attacks Valdis . Kletnieks (Jun 17)
- Re: targetted SSH bruteforce attacks Michael Holstein (Jun 17)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 17)
- Re: targetted SSH bruteforce attacks Bipin Gautam (Jun 17)
- targetted SSH bruteforce attacks Gary Baribault (Jun 17)
- Re: targetted SSH bruteforce attacks Gregory Bellier (Jun 17)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 17)
- Re: targetted SSH bruteforce attacks Samuel MartÃn Moro (Jun 17)
- Re: targetted SSH bruteforce attacks yersinia (Jun 23)
- Re: targetted SSH bruteforce attacks Cody Robertson (Jun 23)
- Re: targetted SSH bruteforce attacks Gary Baribault (Jun 23)
- Re: targetted SSH bruteforce attacks Cody Robertson (Jun 23)