Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: targetted SSH bruteforce attacks

From: Frank Bures <lisfrank () chem toronto edu>
Date: Thu, 17 Jun 2010 10:42:32 -0400
Gary Baribault wrote:

I just knew that people would say that, and that's why I specified
that I WANT to keep SSH on 22 .. it's fun to see the attacks, and it's
interesting to see new types of attacks. The question here is whether
anyone else is seeing such a targeted attack.


I've seen an interesting SSH attack in the last couple of days on our /22
network.  Instead of probing port 22 on many machines in the shortest
possible time period as usual, this attack seems to be trying to be
stealthy.  It never attacks more than 4 machines in an hour and never twice
from the same IP address.  As all attacking addresses are subsequently
blocked, I wonder how long is it going to take for the guy(s) to run out of
available addresses at this rate :-)

Cheers
Frank



-- 

<feeb () chem toronto edu>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: