[Dshield] Distributed SSH brute force

Andreas Maus maus at ypbind.de
Wed May 7 17:57:55 GMT 2008


Hi *!

Since yesterday ~21:00 CEST (GMT+2) I've seen (*sigh* again)
several ssh brute force attempts for user root in a
distributed fashion (one attempt per IP) from several
hosts - almost all of them from Western Europe (.nl, .de, .at, .ch, ...)

I'm wondering if anyone knows what these guys are trying to do
if they succeed. Installing a binary to do more distributed brute force
attempts? Something else?

Ah, and by the way - while struggling with abuse handling - is there
any advice on how to persuade the guys and girls handling the abuse requests
that there _is_ a problem on their servers?
(Common quote: "So someone mistyped your hostname/IP address. So what?"
*grml* )

So long,

Andreas Maus.

-- 
"Things that try to look like things often do
 look more like things than things. Well-known fact."
Granny Weatherwax - "Wyrd sisters"
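
The pattern described in the message (one attempt per source IP, all against root) stays below any per-IP failure limit, so detection has to count distinct sources per target account instead. The following is an added example, not part of the original post: it assumes OpenSSH "Failed password" lines in classic syslog format, and the window and thresholds, the host name and the documentation-range addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# OpenSSH failed-login line with a classic syslog timestamp (no year).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse(lines, year=2008):
    """Yield (timestamp, user, source_ip) for each failed-password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def distributed_targets(lines, window=timedelta(minutes=30),
                        min_sources=4, max_per_ip=2):
    """Map each account to the low-volume sources that hit it together."""
    by_user = defaultdict(list)
    for ts, user, ip in parse(lines):
        by_user[user].append((ts, ip))
    flagged = defaultdict(set)
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide window forward
                start += 1
            counts = Counter(ip for _, ip in events[start:end + 1])
            quiet = {ip for ip, n in counts.items() if n <= max_per_ip}
            if len(quiet) >= min_sources:            # many sources, few tries each
                flagged[user] |= quiet
    return {user: sorted(ips) for user, ips in flagged.items()}

# Constructed sample: documentation-range addresses, hypothetical host name.
SAMPLE = [
    "May  6 21:01:12 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2",
    "May  6 21:03:40 host sshd[4107]: Failed password for root from 198.51.100.23 port 51200 ssh2",
    "May  6 21:07:05 host sshd[4113]: Failed password for root from 203.0.113.5 port 33811 ssh2",
    "May  6 21:11:31 host sshd[4120]: Failed password for root from 192.0.2.77 port 42990 ssh2",
] + [  # one noisy source against another account: a per-IP limit's job, not ours
    f"May  6 21:12:0{i} host sshd[413{i}]: Failed password for invalid user admin "
    f"from 198.51.100.99 port 5000{i} ssh2" for i in range(5)
]

if __name__ == "__main__":
    for user, ips in distributed_targets(SAMPLE).items():
        print(f"{user}: {len(ips)} sources, <= 2 tries each: {', '.join(ips)}")
```

The flagged address list is the evidence an abuse report needs: timestamps, target account and source IP for each attempt can be quoted directly from the matching log lines.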