Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Voluminous SSHd scanning; possible worm activity?

From: "Jay D. Dyson" <jdyson () treachery net>
Date: Sun, 9 Dec 2001 12:23:26 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----

Hi folks,

        I've been seeing a lot of SSHd scans of late.  That in itself
isn't odd, but the sheer volume of the scans is what's got my attention. 
These sorts of scans used to occur infrequently, but now they're coming
within minutes of each other, and they're coming from all over the globe. 

        It's not in my nature to speculate wildly, but the sheer volume of
these scans, coupled with the variety of their origins (not to mention the
timing) leads me to wonder if a worm isn't at play here.

        Has anyone else seen this sort of thing from their systems?

- -Jay

   (    (                                                        _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
 C|~~|C|~~| (>----- Jay D. Dyson -- jdyson () treachery net -----<) |    = |-'
  `--' `--'  `---------- Si vis pacem, para bellum. ----------'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBPBO6MrlDRyqRQ2a9AQGP4gQAiw7xizmbPJP6ds3YnD6J5qeBQUdnO6PQ
4FuFXxEL9HgGQe5ALykfzjF8BCyo6oB5JDL7ZulIA1XF0E5QnNx8jvoiwwGN86se
2+RmsD8XBC0YQj5t9yn4W9nqDC+COfgbClhS3M5m7ImZ9aYPrF3OR8T6XvyMrouS
k2bMaTkZmj8=
=COOE
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: