[unisog] step up in SSH scanning starting today?

John E. Tysko tysko at boss.cs.ohiou.edu
Tue May 13 03:05:39 GMT 2008

	Anyone else see a significant rise in SSH dictionary attacks, especially 
	from .KR?

	A friend at a local ISP (CA.US) reported this morning that they usually 
	see 1-3 scans per day, but had 10 concurrent sweeps this morning with 
	more sources popping up at about 1 new per hour.  Most sources in China, 
	and KR, IIRC.

  I've noticed this for the past week,(>600 IPs scanning us) but 
I've noticed today that it seems the attacks are coordinated with
various IP's scanning us one login ID per scanning IP. From 5:00AM EST
to 11:00PM we had around 1025 scans, from 462 IPs, using 626 logins.
The scans hit us alphabetically, as in 

and so on. They are down to burt. 


/~\ The ASCII        John Tysko                        tysko at boss.cs.ohiou.edu
\ / Ribbon Campaign  Systems Administrator             tysko at eecs.ohiou.edu
 X  Against HTML     The School of Electrical          180 Convocation Ctr
/ \ Email!           Engineering and Computer Science  Phone: 1-740-593-1137
                     Ohio University, Athens Oh 45701  Fax:   1-740-593-0406

More information about the unisog mailing list