Re: Weird SSH attack last night and this morning (still ongoing)

[Mick Pollard <lists () lunix com au>]

On Wed, 07 May 2008 08:27:15 -0400
Gary Baribault <gary () baribault net> wrote:

> I don't know what is going on last night and this morning ... I have 
> three Linux servers facing the Internet, two on cable modems and another 
> on a static IP/commercial connection and this last one is a gateway to a 
> Web/FTP/SMTP/Pop3/NTP Linux based system.

> Of the three machines, one of them only had about 10 attempts, but the 
> other two had about 200 attempts .. all of them with only 1 try with the 
> user Root ..
>
> Is any one else seing this? or am I being targeted? This is still going 
> on now .. and it started arround 10:00 last night GMT+4
These aren't related to the recent openssh advisory for debian based
distros ? [USN-612-2] OpenSSH vulnerability
A bot looking for debian based servers with weak ssh keys ?
Just a thought. 

- 
Regards
Mick Pollard ( lunix )
------------------------------------------------
BOFH Excuse of the day:
Extraneous Parity Interrupt

Attachment: _bin
Description: