[unisog] step up in SSH scanning starting today?

John E. Tysko tysko at boss.cs.ohiou.edu
Tue May 13 03:05:39 GMT 2008


	Anyone else see a significant rise in SSH dictionary attacks, especially 
	from .KR?

	A friend at a local ISP (CA.US) reported this morning that they usually 
	see 1-3 scans per day, but had 10 concurrent sweeps this morning with 
	more sources popping up at about 1 new per hour.  Most sources in China, 
	and KR, IIRC.

  I've noticed this for the past week,(>600 IPs scanning us) but 
I've noticed today that it seems the attacks are coordinated with
various IP's scanning us one login ID per scanning IP. From 5:00AM EST
to 11:00PM we had around 1025 scans, from 462 IPs, using 626 logins.
The scans hit us alphabetically, as in 
anatole
anaya
ancelin
ancelin
anchoret
ande

and so on. They are down to burt. 

John


/~\ The ASCII        John Tysko                        tysko at boss.cs.ohiou.edu
\ / Ribbon Campaign  Systems Administrator             tysko at eecs.ohiou.edu
 X  Against HTML     The School of Electrical          180 Convocation Ctr
/ \ Email!           Engineering and Computer Science  Phone: 1-740-593-1137
                     Ohio University, Athens Oh 45701  Fax:   1-740-593-0406



More information about the unisog mailing list