Security Incidents mailing list archives
Re: Anyone else seeing a spike in SSHd scans?
From: Dave Laird <dlaird () kharma net>
Date: Sun, 29 Jun 2003 10:03:09 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good morning... On Sunday 29 June 2003 9:12 am, p00p () instable net wrote:
one thing that could be of interesting note is that comcast IS now attbi.com, after a merger a few months ago. new customers are put on comcast ips, but remaining customers from before the merger still have attbi.com addresses so basically all your scans are from the same isp. are all your scans from the same geographical areas?
It would seem that way, yes. The returns I've seen, thus far, all come from ne.attbi.com which would tend to make think so. For the time being, I've blocked their IP block in the firewall until I get some kind of meaningful response from ATT. Coincidentally, in a similar frame of reference, about this same time I noted a sudden surge of SPAM e-mail hitting my mail filters from that same address just prior to when I blocked the IP. <grin> I think the admins that once maintained attbi.com are now working frantically on the comcast network, but I could be wrong. Dave - -- Dave Laird (Dave () kharma net) The Used Kharma Lot / The Phoenix Project Web Page: http://www.kharma.net updated 04/15/2003 Usenet News server: news.kharma.net Musicians Calendar and Database access: http://www.kharma.net/calendar.html An automatic & random thought For the Minute: Collaboration, n.: A literary partnership based on the false assumption that the other fellow can spell. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+/xvNZx0/eWCCG/wRAgIcAJwM2gOc/IlZPh45yLY0bM6jB7ck3QCfUCTX 1v/rfpn+OmZ/MrKYRHfWxGs= =HnnC -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Anyone else seeing a spike in SSHd scans? Jay D. Dyson (Jun 27)
- Re: Anyone else seeing a spike in SSHd scans? Dave Laird (Jun 28)
- Re: Anyone else seeing a spike in SSHd scans? p00p (Jun 29)
- Re: Anyone else seeing a spike in SSHd scans? Dave Laird (Jun 29)
- Re: Anyone else seeing a spike in SSHd scans? p00p (Jun 29)
- Re: Anyone else seeing a spike in SSHd scans? Dave Laird (Jun 28)