[geeks] SSH Scans Increasing

Ido Dubrawsky idubraws at dubrawsky.org
Thu Aug 21 10:33:22 CDT 2008


I haven't seen anything lately.  I'm running the latest OpenSSH as well.  On top of that I only accept public-key/private-key authentication.  Either way I haven't seen anything at this point.

Ido

Jonathan C. Patschke wrote:
> Has anyone else seen a very sharp increase in the number of SSH scans
> since this weekend?
>
> I have a program running out of cron that looks for break-ins and updates
> my /etc/pf.conf automagically.  It mails me when it adds a new host to the
> list.  I used to get 2 - 3 per week, but now I see 20 - 30 per day.
> 
> All the new scans appear to use the same dictionary.  It starts off with
> some German words pertaining to academia, and then a straight alphabetical
> dictionary attack (abel, abi, abraham, access, account...).  The IP
> addresses scanning me don't come from the same country, so I suspect this
> is some new botnet.

-- 
Ido Dubrawsky
Network Security Architect
dubrawsky.org
http://www.dubrawsky.org/blogs
http://idubrawsky.wordpress.coms
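
A sketch of the kind of cron job the quoted message describes, added here as an example; it is not part of the thread and not the program Jonathan runs. It picks out hosts that try many invalid usernames and checks whether different hosts are working through the same wordlist. The log format (OpenSSH "Invalid user" lines), the threshold, the function names and the sample log lines are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (documentation-range addresses), not from the thread.
SAMPLE_LOG = """\
Aug 21 03:10:01 gw sshd[4101]: Invalid user abel from 192.0.2.10
Aug 21 03:10:03 gw sshd[4102]: Invalid user abi from 192.0.2.10
Aug 21 03:10:05 gw sshd[4103]: Invalid user abraham from 192.0.2.10
Aug 21 03:10:07 gw sshd[4104]: Invalid user access from 192.0.2.10
Aug 21 04:22:11 gw sshd[4210]: Invalid user abel from 198.51.100.7
Aug 21 04:22:13 gw sshd[4211]: Invalid user abi from 198.51.100.7
Aug 21 04:22:15 gw sshd[4212]: Invalid user abraham from 198.51.100.7
Aug 21 05:00:00 gw sshd[4300]: Invalid user jdoe from 203.0.113.5
"""

INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\d{1,3}(?:\.\d{1,3}){3})")

def attempts_by_host(log_text):
    """Map each source address to the usernames it tried, in log order."""
    tried = defaultdict(list)
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m:
            tried[m.group(2)].append(m.group(1))
    return dict(tried)

def hosts_to_block(tried, threshold=3):
    """Addresses that tried at least `threshold` distinct invalid usernames."""
    return sorted(ip for ip, names in tried.items() if len(set(names)) >= threshold)

def shared_dictionary(tried, blocked, min_overlap=0.5):
    """Pairs of blocked hosts whose username sets overlap (Jaccard index)."""
    pairs = []
    for i, a in enumerate(blocked):
        for b in blocked[i + 1:]:
            sa, sb = set(tried[a]), set(tried[b])
            score = len(sa & sb) / len(sa | sb)
            if score >= min_overlap:
                pairs.append((a, b, round(score, 2)))
    return pairs

def pf_table_file(blocked):
    """One address per line, the format pf reads for a file-backed table."""
    return "".join(ip + "\n" for ip in blocked)

if __name__ == "__main__":
    tried = attempts_by_host(SAMPLE_LOG)
    print(pf_table_file(hosts_to_block(tried)), end="")
    print(shared_dictionary(tried, hosts_to_block(tried)))
```

A high overlap between hosts in unrelated networks is the signal the quoted message points at: the same dictionary arriving from many addresses.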

