[Dshield] ssh attacks
leitao at async.com.br
Wed Oct 27 00:34:45 GMT 2004
Probably the attackers are using the same ssh brute force script found on:
Appears to me that attackers are script kiddies finding for weak
password, nothing more... :)
On Tue, Oct 26, 2004 at 03:19:28PM -0400, Jan Seidl wrote:
> Thats right... i've got a few here @ my personal desktop pc (linux slack)...
> I've tracerouted a few and they all came from Asia and Korea...
> I think that they're watching too many cyberpunk animes.... >.O
> Just made a shellscript to check the logs for the illegal attempts and
> add'em to iptables... the messages on my terminal were annoying me...
> Darin Fisher wrote:
> >Yes, I've been seeing a tremendous increase in attempts also.
> >A average of 0 - 10 per day is now averaging over 200 per day.
> >I didn't check your addresses but attempts on my sites all seem to be
> >coming from Asia; China and Korea.
> >I guess the hacker school
> >must be labs.
> >Any other thoughts?
> >On Tue, 12 Oct 2004 08:30:08 -0700, Barton L. Phillips
> ><admin at bartonphillips.com> wrote:
> >>In the last several days I have seen an increase in attempts to log into
> >>my server via SSH. Previously I was only seeing the "test" and "guest"
> >>attempts previously mentioned on this list. Here is an example of what I
> >>saw yesterday:
> >>Failed logins from these:
> >>Has anyone else been seeing this?
Async Open Source
(16) 3361 2331
São Carlos, SP
More information about the list