Increase in SSH attacks as of announcement of rtld bug
Mohd Fazli Azran
mfazliazran at gmail.com
Wed Dec 2 13:20:42 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mike Tancsa wrote:
> At 08:44 PM 12/1/2009, Brett Glass wrote:
>> At 12:09 PM 12/1/2009, Mike Tancsa wrote:
>>
>>> http://isc.sans.org/trends.html
>>> and
>>> http://isc.sans.org/port.html
>>>
>>> Do not seem to show any increase.
>>
>> Do those stats account for the fact that the attackers may first be
>> fingerprinting servers to see if they're running FreeBSD?
>
> No idea. But looking at the logs of various hosts targeted by
> distributed scanners that hit my network, they dont seem to be that
> intelligent. There is no reason it couldnt be done, but I havent seen it
> yet here anyways.
>
> ---Mike
>
>
>> --Brett
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike at sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
Seem they use multi host and brute force. My network are every day
increasing the activity of attempt ssh login with multiple host +
multiple login with multiple password. seem i got many of this messages
Did not receive identification from X.X.X.X
Mohd Fazli Azran
System Analysis
KL Malaysia
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksWYrsACgkQNF5f3mz2bZm2QwCfTZhxaAu586n66tGoAoX2DzjH
Wd0AmgMQyxsmJ+eoeDEgJOdXMk2SxiaB
=Ymfg
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list