[unisog] step up in SSH scanning starting today?

Stephen John Smoogen smooge at unm.edu
Tue May 13 18:37:02 GMT 2008


Robert Lemos wrote:
> 
> On May 12, 2008, at 11:02 PM, <vijay at ericavijay.net> wrote:
> 
>> Yes, huge increase in our honeypot about 1600 from just one single IP 
>> in KR,
>> yesterday within a few hours.
> 
> Ubuntu also just announced a serious vulnerability in OpenSSH keys. I 
> don't know if the increase -- which seems to be a random dictionary 
> attack against SSH hosts -- and the release of the vulnerability are 
> related.
> 
> http://www.ubuntu.com/usn/usn-612-1
> 

What this is going to cause is a lot of systems to have new SSH keys 
created for them (since that is one root of the vulnerability). I would 
suggest that people confirm that the keys are good since this would be a 
great time to set up MITM systems (hey look ma, half the net is rekeying!).



-- 
Stephen Smoogen -- ITS/Linux Administrator
   MSC02 1520 1 University of New Mexico Albuquerque, NM  87131-0001
   Phone: (505) 277-8219  Email: smooge at unm.edu
  How far that little candle throws his beams! So shines a good deed
  in a naughty world. = Shakespeare. "The Merchant of Venice"
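
Added example (not part of the original message): one way to confirm a regenerated host key is to compare its fingerprint against one obtained out of band from the host's administrator. The sample keys and `host.example` are constructed, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def parse_pubkey_line(line):
    """Split an OpenSSH public key line ('type base64 [comment]') into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type; it must
    # agree with the declared type or the line is malformed or tampered with.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def fingerprints(line):
    """SHA256 as current OpenSSH prints it, plus the colon-separated MD5 hex of older releases."""
    _, blob = parse_pubkey_line(line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2))}


def host_key_matches(line, trusted_fp):
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    return any(hmac.compare_digest(fp, trusted_fp) for fp in fingerprints(line).values())


def make_sample_line(seed):
    """Constructed sample, not a real host key: ssh-ed25519 blob with a dummy 32-byte key."""
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " host.example"


if __name__ == "__main__":
    published = fingerprints(make_sample_line(2))["sha256"]  # from the admin, out of band
    for label, offered in (("expected key", make_sample_line(2)), ("other key", make_sample_line(1))):
        print(label, fingerprints(offered)["sha256"], host_key_matches(offered, published))
```

The comparison is only as trustworthy as the channel the reference fingerprint arrived over; a fingerprint fetched over the same network path as the key proves nothing.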

