[unisog] step up in SSH scanning starting today?

vijay at ericavijay.net vijay at ericavijay.net
Tue May 13 03:02:23 GMT 2008

Yes, huge increase in our honeypot about 1600 from just one single IP in KR, 
yesterday within a few hours.

Vijay Sarvepalli

----- Original Message ----- 
From: "Tom Perrine" <tperrine at scea.com>
To: "UNIversity Security Operations Group" <unisog at lists.dshield.org>
Sent: Tuesday, May 13, 2008 2:10 AM
Subject: [unisog] step up in SSH scanning starting today?

> Anyone else see a significant rise in SSH dictionary attacks, especially
> from .KR?
> A friend at a local ISP (CA.US) reported this morning that they usually
> see 1-3 scans per day, but had 10 concurrent sweeps this morning with
> more sources popping up at about 1 new per hour.  Most sources in China,
> and KR, IIRC.
> Another site (UK) reported a similar but not quite as aggressive set of
> new sweeps, all theirs from .KR IP space.
> I'm not seeing it here.
> What's the consensus?  Isolated or major ramp-up?
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog 

More information about the unisog mailing list