[unisog] step up in SSH scanning starting today?
Stephen John Smoogen
smooge at unm.edu
Tue May 13 18:37:02 GMT 2008
Robert Lemos wrote:
>
> On May 12, 2008, at 11:02 PM, <vijay at ericavijay.net
> <mailto:vijay at ericavijay.net>> <vijay at ericavijay.net
> <mailto:vijay at ericavijay.net>> wrote:
>
>> Yes, huge increase in our honeypot about 1600 from just one single IP
>> in KR,
>> yesterday within a few hours.
>
> Ubuntu also just announced a serious vulnerability in OpenSSH keys. I
> don't know if the increase -- which seems to be a random dictionary
> attack against SSH hosts -- and the release of the vulnerability are
> related.
>
> http://www.ubuntu.com/usn/usn-612-1
>
What this is going to cause is a lot of systems to have new SSH keys
created for them (since that is one root of the vulnerability). I would
suggest that people confirm that the keys are good since this would be a
great time to set up MITM systems (hey look ma, half the net is rekeying!)
--
Stephen Smoogen -- ITS/Linux Administrator
MSC02 1520 1 University of New Mexico Albuquerque, NM 87131-0001
Phone: (505) 277-8219 Email: smooge at unm.edu
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
More information about the unisog
mailing list