[Dshield] ssh attacks
SJiang at adbsys.com
Thu Oct 14 14:54:10 GMT 2004
Those attacks starting from Seoul do not necessarily mean they are trying to hack your network. Most likely, some of their systems have been hacked or affected by a virus, and the real hackers are using these systems to play the game.
ADB Systems International
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org] On Behalf Of brian simmons
Sent: Tuesday, October 12, 2004 2:22 PM
To: General DShield Discussion List
Subject: Re: [Dshield] ssh attacks
Yes, I see 1 to 4 of these attempts almost daily, 63 IPs to be exact so
far. They attempt to connect to up to about 8 account names, as many as 560
times a day per IP. Around 90% of mine come from Seoul and the other 10%
from France and other countries. I was just thinking it was some guy
from Seoul trying every day to hack our systems. Now I see it's a lot
more than just our machines.
Dependable Internet L.L.C.
Barton L. Phillips wrote:
> In the last several days I have seen an increase in attempts to log
> into my server via SSH. Previously I was only seeing the "test" and
> "guest" attempts previously mentioned on this list. Here is an example
> of what I saw yesterday:
> Failed logins from these:
> Has anyone else been seeing this?
DShield and the Internet Storm Center are sponsored by the SANS Institute.
To learn more about current SANS training, see http://www.sans.org .