[unisog] step up in SSH scanning starting today?
John E. Tysko
tysko at boss.cs.ohiou.edu
Tue May 13 03:05:39 GMT 2008
Anyone else see a significant rise in SSH dictionary attacks, especially
A friend at a local ISP (CA.US) reported this morning that they usually
see 1-3 scans per day, but had 10 concurrent sweeps this morning with
more sources popping up at about 1 new per hour. Most sources in China,
and KR, IIRC.
I've noticed this for the past week,(>600 IPs scanning us) but
I've noticed today that it seems the attacks are coordinated with
various IP's scanning us one login ID per scanning IP. From 5:00AM EST
to 11:00PM we had around 1025 scans, from 462 IPs, using 626 logins.
The scans hit us alphabetically, as in
and so on. They are down to burt.
/~\ The ASCII John Tysko tysko at boss.cs.ohiou.edu
\ / Ribbon Campaign Systems Administrator tysko at eecs.ohiou.edu
X Against HTML The School of Electrical 180 Convocation Ctr
/ \ Email! Engineering and Computer Science Phone: 1-740-593-1137
Ohio University, Athens Oh 45701 Fax: 1-740-593-0406
More information about the unisog