[geeks] SSH Scans Increasing
Sridhar Ayengar
ploopster at gmail.com
Thu Aug 21 10:54:14 CDT 2008
Jonathan C. Patschke wrote:
> Has anyone else seen a very sharp increase in the number of SSH scans
> since this weekend?
>
> I have a program running out of cron that looks for break-ins and updates
> my /etc/pf.conf automagically. It mails me when it adds a new host to the
> list. I used to get 2 - 3 per week, but now I see 20 - 30 per day.
>
> All the new scans appear to use the same dictionary. It starts off with
> some German words pertaining to academia, and then a straight alphabetical
> dictionary attack (abel, abi, abraham, access, account...). The IP
> addresses scanning me don't come from the same country, so I suspect this
> is some new botnet.
I've noticed this too. I have my work laptop on my outside-visible
network at home once in a while, and the Symantec Desktop Firewall
running on the laptop has seemed to be kicking off an attempted
connection to SSH every few seconds.
Peace... Sridhar
More information about the geeks
mailing list