Security Incidents mailing list archives
Re: MASSIVE ssh attack attempt
From: brendan () AUSTCO COM AU (Brendan Grieve)
Date: Fri, 18 Feb 2000 09:23:15 +0800
<Snip>

interesting traceroute of 210.134.59.39

17 Sendai1.IIJ.Net (202.232.3.2) 349.523 ms 359.412 ms 340.129 ms
18 yamabikogw.iij.net (210.130.153.70) 567.680 ms 559.349 ms 559.639 ms
19 sendai1.iij.net (210.130.153.69) 570.052 ms 599.384 ms 610.118 ms
20 yamabikogw.iij.net (210.130.153.70) 858.527 ms 789.406 ms 799.505 ms

seems to bounce back and forth and again for 124.64.2.61

5 fe-0-0.core3.cvg1.one.net (216.23.31.3) 109.816 ms 109.456 ms 110.571 ms
6 cvx1800-1.cvg1.one.net (207.78.244.150) 118.531 ms 119.431 ms 119.569 ms
7 fe-0-1.core3.cvg1.one.net (207.78.244.1) 130.067 ms 119.407 ms 109.601 ms
8 cvx1800-1.cvg1.one.net (207.78.244.150) 119.541 ms 130.000 ms 128.536 ms
9 fe-0-1.core3.cvg1.one.net (207.78.244.1) 129.589 ms 169.247 ms 130.184 ms

(one net is my isp from which i am tracerouting and those are routers)
<Snip>

Actually, quite explainable. Quite a few ISPs I've noticed use this technique on their Static Dial-up lines. Essentially you "buy" a permanent dial up connection, and get a static IP. However, when you lose connection, the router reconfigures to deliberately have a loop so that any packets are quickly killed (why, I have not figured out).

All that's happening is that at the time you're doing a traceroute, the connection to these accounts is not established. I'm not sure if ISPs do the same to their dynamic dial ups (I assume so).

Cheers
Brendan
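The bounce described in this message can be picked out of traceroute output mechanically. The following is an added example, not part of the original post: it parses the hop lines quoted above and reports the first router address that answers at two different TTLs, together with the addresses that make up the cycle. The function names are hypothetical, and the parser assumes the "hostname (ip)" hop format shown in the post.

```python
import re

# Hop lines copied from the two traceroutes quoted in the post above.
TRACE_A = """\
17 Sendai1.IIJ.Net (202.232.3.2) 349.523 ms 359.412 ms 340.129 ms
18 yamabikogw.iij.net (210.130.153.70) 567.680 ms 559.349 ms 559.639 ms
19 sendai1.iij.net (210.130.153.69) 570.052 ms 599.384 ms 610.118 ms
20 yamabikogw.iij.net (210.130.153.70) 858.527 ms 789.406 ms 799.505 ms
"""
TRACE_B = """\
5 fe-0-0.core3.cvg1.one.net (216.23.31.3) 109.816 ms 109.456 ms 110.571 ms
6 cvx1800-1.cvg1.one.net (207.78.244.150) 118.531 ms 119.431 ms 119.569 ms
7 fe-0-1.core3.cvg1.one.net (207.78.244.1) 130.067 ms 119.407 ms 109.601 ms
8 cvx1800-1.cvg1.one.net (207.78.244.150) 119.541 ms 130.000 ms 128.536 ms
9 fe-0-1.core3.cvg1.one.net (207.78.244.1) 129.589 ms 169.247 ms 130.184 ms
"""

# Assumes "TTL hostname (a.b.c.d) ..." lines; "* * *" timeouts do not match and are skipped.
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_hops(text):
    """Return [(ttl, ip)] for every line that shows a responding hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def find_loop(hops):
    """Return details of the first address seen at two TTLs, or None.

    A probe that reaches the same router interface twice is circulating
    rather than progressing, so it will die when its TTL runs out."""
    seen = {}  # ip -> index of first appearance in hops
    for i, (ttl, ip) in enumerate(hops):
        if ip in seen:
            j = seen[ip]
            return {"ip": ip, "first_ttl": hops[j][0], "repeat_ttl": ttl,
                    "cycle": [h[1] for h in hops[j:i]]}
        seen[ip] = i
    return None

if __name__ == "__main__":
    for name, trace in (("A", TRACE_A), ("B", TRACE_B)):
        print(name, find_loop(parse_hops(trace)))
```

A single repeated address can also come from a route change during the trace, so a report is stronger when the same cycle shows up on a second run.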