[Intrusions] SSH brute force attacks
Nick FitzGerald
nick at virus-l.demon.co.uk
Thu Sep 1 09:28:10 GMT 2005
Isaac Perez to Luc Pauwels:
[top-posting-itis fixed]
> > I've noticed that the majority of SSH brute force attacks on our systems seem to
> > originate from Asia (India, China, Korea). Is this just a coincidence, or is
> > there more going on?
>
> The majority of servers compromised in these countries don't have any way to
> be notified of their abuse.
> Every day I notify the abuse team of the network that attacks my
> servers, if I can, of course.
> I know that a very small portion of the networks in these countries have
> an abuse team, or an abuse team that responds to my emails.
> Maybe that's a reason.
I'd guess this is not the case for India, where I believe that most
folk educated enough to run an ISP probably have suitable levels of
English language education, but in China and Korea there is definitely
a language issue.
If abuse complaints direct to ISPs in those countries (and perhaps
CC'ed to their upstream, which being bigger is more likely to have
better foreign language skills) draw a blank, consider CC'ing the
national CERTs on your "re-complaint".
Regards,
Nick FitzGerald