[Dshield] ssh attacks

Stoney Jiang SJiang at adbsys.com
Thu Oct 14 14:54:10 GMT 2004


Those attacks started from Seoul do not necessarily mean they are trying to hack your network. Most likely is some of their systems have been hacked or affected by virus, and real hackers are using these systems to play the game.

Stoney Jiang
Network Administrator
ADB Systems International

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of brian simmons
Sent: Tuesday, October 12, 2004 2:22 PM
To: General DShield Discussion List
Subject: Re: [Dshield] ssh attacks


Yes, I see 1 to 4 of these attempts almost daily, 63 ip's to be exact so 
far, They attempt to connect up to about 8 account names as many as 560 
times a day per ip. Around 90% of mine come from Seoul and the other 10% 
from France and other countries. I was just thinking it was some guy 
from Seoul trying every day to hack our systems, Now I see its a lot 
more than just our machines.

Brian Simmons
Systems Administrator
Dependable Internet L.L.C.


Barton L. Phillips wrote:

> In the last several days I have seen an increase in attempts to log 
> into my server via SSH. Previously I was only seeing the "test" and 
> "guest" attempts previously mentioned on this list. Here is an example 
> of what I saw yesterday:
>
> Failed logins from these:
>
>  
>
> Has anyone else been seeing this?
>
_______________________________________________
DShield and the Internet Storm Center are sponsored by the SANS Institute.
To learn more about current SANS training, see http://www.sans.org .

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list