[unisog] step up in SSH scanning starting today?

Edgecombe, Jason jwedgeco at uncc.edu
Tue May 13 17:54:35 GMT 2008


We use fail2ban on several machines here.
www.fail2ban.org

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514
 

-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Couples,
Christopher
Sent: Tuesday, May 13, 2008 1:29 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] step up in SSH scanning starting today?

The debian advisory is due to a failure in seeding the RNG for openssl
during keygen; a wave of password attacks, as we're pretty much all
noting, wouldn't seem to be related.

As a side note, someone mentioned autoban to programmatically add
brute-forcing hosts to hosts.deny; I'd also like to plug denyhosts, a
python script that can also be found on sourceforge. Are there other
tools that are widely in use, or are most folks simply rolling their
own?

---
Christopher Couples
Core Systems
Wharton Computing and Information Technology
Wharton School of Business


-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Michael Holstein
Sent: Tuesday, May 13, 2008 1:15 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] step up in SSH scanning starting today?


> Anyone else see a significant rise in SSH dictionary attacks,
especially
> from .KR?
>

Possibly related to this?

http://lists.debian.org/debian-security-announce/2008/msg00152.html

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
unisog mailing list
unisog at lists.dshield.org
https://lists.sans.org/mailman/listinfo/unisog

_______________________________________________
unisog mailing list
unisog at lists.dshield.org
https://lists.sans.org/mailman/listinfo/unisog



More information about the unisog mailing list