[unisog] step up in SSH scanning starting today?
John E. Tysko
tysko at boss.cs.ohiou.edu
Tue May 13 03:05:39 GMT 2008
Anyone else see a significant rise in SSH dictionary attacks, especially
from .KR?
A friend at a local ISP (CA.US) reported this morning that they usually
see 1-3 scans per day, but had 10 concurrent sweeps this morning with
more sources popping up at about 1 new per hour. Most sources in China,
and KR, IIRC.
I've noticed this for the past week,(>600 IPs scanning us) but
I've noticed today that it seems the attacks are coordinated with
various IP's scanning us one login ID per scanning IP. From 5:00AM EST
to 11:00PM we had around 1025 scans, from 462 IPs, using 626 logins.
The scans hit us alphabetically, as in
anatole
anaya
ancelin
ancelin
anchoret
ande
and so on. They are down to burt.
John
/~\ The ASCII John Tysko tysko at boss.cs.ohiou.edu
\ / Ribbon Campaign Systems Administrator tysko at eecs.ohiou.edu
X Against HTML The School of Electrical 180 Convocation Ctr
/ \ Email! Engineering and Computer Science Phone: 1-740-593-1137
Ohio University, Athens Oh 45701 Fax: 1-740-593-0406
More information about the unisog
mailing list