Security Incidents mailing list archives

Re: remote openssh probe or crack?.


From: Rich Henning <vulnerable () fast net>
Date: Fri, 14 Jun 2002 11:45:28 -0400

On Thu, Jun 13, 2002 at 04:23:34PM -0500, m () rl206 org wrote:
> Speaking of which, has anyone else noticed an upturn in
> ssh scanning lately?

If "lately" refers to about the last year and a half, definitely.  It
used to be that my wrapper scripts would throw an ssh attempt only a few
times a week.  Over the last year or so, I see many of these a day.
This behavior can probably be attributed to kiddies using automated
scanning tools over a wide range of blocks to find vulnerable machines
to compromise, due to the rash of openssh issues that have manifested
during this time, but that's only my guess.

-- 
[ rich henning      ]                                             /"\
[ henninrp () fast net ]                                             \ /
                                                                   X
support the ascii ribbon campaign against html e-mail             / \

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

