Increase in SSH attacks as of announcement of rtld bug
Chuck Swiger
cswiger at mac.com
Tue Dec 1 20:28:23 UTC 2009
Hi--
On Dec 1, 2009, at 11:09 AM, Mike Tancsa wrote:
> http://isc.sans.org/trends.html
> and
> http://isc.sans.org/port.html
>
> Do not seem to show any increase.
I've checked, and the volume of attempts over the past few days seems pretty constant, although there was actually a decrease around Nov 26-29 corresponding to US Thanksgiving holiday. :-)
I do use denyhosts with ~4000 IPs known to be actively scanning SSH blocked. I do note an increasing number of malicious scans using "Client: libssh-0.1" string instead of legit connects with "Client: OpenSSH_5.2" or similar....
Regards,
--
-Chuck
More information about the freebsd-security
mailing list