[Dshield] ssh attacks

Breno Leitão leitao at async.com.br
Wed Oct 27 00:34:45 GMT 2004


Probably the attackers are using the same ssh brute force script found on:
http://www.k-otik.com/exploits/08202004.brutessh2.c.php
It appears to me that the attackers are script kiddies looking for weak
passwords, nothing more... :)


Cheers, 
Breno Leitão


On Tue, Oct 26, 2004 at 03:19:28PM -0400, Jan Seidl wrote:
> That's right... I've got a few here @ my personal desktop pc (linux slack)...
> 
> I've tracerouted a few and they all came from Asia and Korea...
> 
> I think that they're watching too many cyberpunk animes.... >.O
> 
> Just made a shell script to check the logs for the illegal attempts and
> add 'em to iptables... the messages on my terminal were annoying me...
> 
> 
> Darin Fisher wrote:
> 
> >Yes, I've been seeing a tremendous increase in attempts also.
> >An average of 0 - 10 per day is now averaging over 200 per day.
> >
> >I didn't check your addresses but attempts on my sites all seem to be
> >coming from Asia; China and Korea.
> >
> >I guess the hacker school
> >(http://it.slashdot.org/article.pl?sid=04/10/05/0314258&tid=172&tid=1)
> >must be labs.
> >
> >Any other thoughts?
> >
> >D
> >
> >
> >On Tue, 12 Oct 2004 08:30:08 -0700, Barton L. Phillips
> ><admin at bartonphillips.com> wrote:
> > 
> >
> >>In the last several days I have seen an increase in attempts to log into
> >>my server via SSH. Previously I was only seeing the "test" and "guest"
> >>attempts previously mentioned on this list. Here is an example of what I
> >>saw yesterday:
> >>
> >>Failed logins from these:
> >>
> >>...
> >>
> >>Has anyone else been seeing this?
> >>
> >>--

-- 
Async Open Source
(16) 3361 2331
São Carlos, SP
Brazil
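
Added example (not part of the original thread, and not Jan Seidl's script): one way to do the log check mentioned in the quoted reply, counting failed SSH logins per source and printing iptables rules for review instead of applying them. The log lines, the threshold and the function names are constructed for illustration; the address is read from the end of each line because the user name in the log is supplied by the remote side.

```shell
#!/bin/sh
# Added example, not from the thread. Log lines below are constructed.
THRESHOLD=3   # assumed cut-off: failures per source before listing it

# Read sshd log lines on stdin; print IPv4 sources with >= $1 failures.
failed_ssh_sources() {
    awk -v min="${1:-$THRESHOLD}" '
    /sshd\[[0-9]+\]: (Failed password for|Illegal user|Invalid user) / {
        line = $0
        # The user name comes from the remote side and may contain
        # " from 10.0.0.1", so trust only the address at the end of the line.
        sub(/ port [0-9]+( ssh[0-9]*)?$/, "", line)
        n = split(line, w, " ")
        if (n < 2 || w[n-1] != "from") next
        ip = w[n]
        sub(/^::ffff:/, "", ip)   # IPv4-mapped form logged by some builds
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        if (o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255) next
        count[ip]++
    }
    END { for (ip in count) if (count[ip] >= min) print ip }
    ' | LC_ALL=C sort
}

# Turn addresses on stdin into iptables commands, printed for review only.
block_rules() {
    while read -r ip; do
        printf 'iptables -A INPUT -s %s -p tcp --dport 22 -j DROP\n' "$ip"
    done
}

sample_log() {
    cat <<'EOF'
Oct 26 03:10:01 box sshd[411]: Illegal user test from ::ffff:203.0.113.7
Oct 26 03:10:03 box sshd[412]: Illegal user guest from ::ffff:203.0.113.7
Oct 26 03:10:05 box sshd[413]: Failed password for root from 203.0.113.7 port 4021 ssh2
Oct 26 03:11:00 box sshd[420]: Failed password for illegal user a from 10.0.0.1 from 198.51.100.9 port 5000 ssh2
Oct 26 03:11:02 box sshd[421]: Failed password for illegal user a from 10.0.0.1 from 198.51.100.9 port 5001 ssh2
Oct 26 03:11:04 box sshd[422]: Failed password for illegal user a from 10.0.0.1 from 198.51.100.9 port 5002 ssh2
Oct 26 09:00:00 box sshd[500]: Accepted password for jan from 192.0.2.10 port 2200 ssh2
Oct 26 09:05:00 box sshd[501]: Failed password for jan from 192.0.2.10 port 2201 ssh2
EOF
}

sample_log | failed_ssh_sources "$THRESHOLD" | block_rules
```

On the constructed log this lists 198.51.100.9 and 203.0.113.7; the 10.0.0.1 embedded in the user name is never counted, and the single mistyped password from 192.0.2.10 stays under the threshold.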
