[unisog] step up in SSH scanning starting today?

Tom Perrine tperrine at scea.com
Mon May 12 20:40:01 GMT 2008

Anyone else see a significant rise in SSH dictionary attacks, especially 
from .KR?

A friend at a local ISP (CA.US) reported this morning that they usually 
see 1-3 scans per day, but had 10 concurrent sweeps this morning with 
more sources popping up at about 1 new per hour.  Most sources in China, 
and KR, IIRC.

Another site (UK) reported a similar but not quite as aggressive set of 
new sweeps, all theirs from .KR IP space.

I'm not seeing it here.

What's the consensus?  Isolated or major ramp-up?

More information about the unisog mailing list