[unisog] step up in SSH scanning starting today?

vijay at ericavijay.net vijay at ericavijay.net
Tue May 13 03:02:23 GMT 2008


Yes, huge increase in our honeypot about 1600 from just one single IP in KR, 
yesterday within a few hours.

Regards
Vijay Sarvepalli


----- Original Message ----- 
From: "Tom Perrine" <tperrine at scea.com>
To: "UNIversity Security Operations Group" <unisog at lists.dshield.org>
Sent: Tuesday, May 13, 2008 2:10 AM
Subject: [unisog] step up in SSH scanning starting today?


> Anyone else see a significant rise in SSH dictionary attacks, especially
> from .KR?
>
> A friend at a local ISP (CA.US) reported this morning that they usually
> see 1-3 scans per day, but had 10 concurrent sweeps this morning with
> more sources popping up at about 1 new per hour.  Most sources in China,
> and KR, IIRC.
>
> Another site (UK) reported a similar but not quite as aggressive set of
> new sweeps, all theirs from .KR IP space.
>
> I'm not seeing it here.
>
> What's the consensus?  Isolated or major ramp-up?
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog 



More information about the unisog mailing list