[geeks] SSH Scans Increasing
Jonathan C. Patschke jp at celestrion.net
Thu Aug 21 03:19:49 CDT 2008

Has anyone else seen a very sharp increase in the number of SSH scans
since this weekend?

I have a program running out of cron that looks for break-ins and updates
my /etc/pf.conf automagically.  It mails me when it adds a new host to the
list.  I used to get 2 - 3 per week, but now I see 20 - 30 per day.

All the new scans appear to use the same dictionary.  It starts off with
some German words pertaining to academia, and then a straight alphabetical
dictionary attack (abel, abi, abraham, access, account...).  The IP
addresses scanning me don't come from the same country, so I suspect this
is some new botnet.
-- 
Jonathan Patschke | "There is more to life than increasing its speed."
Elgin, TX         |                                   --Mahatma Gandhi
USA               |
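
An added example, not part of the original post and not the author's cron program: a log check that applies a per-host failure threshold and also looks for one alphabetical username sweep spread across several source addresses, as the message describes. The log lines are constructed, the sshd message formats are assumed to be OpenSSH's usual "Invalid user" and "Failed password" lines, and the pf table name `sshscan` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in sshd's log format (documentation IP ranges).
SAMPLE_LOG = """\
Aug 21 03:00:58 host sshd[1000]: Failed password for root from 203.0.113.99 port 4242 ssh2
Aug 21 03:01:10 host sshd[1001]: Invalid user abel from 192.0.2.10
Aug 21 03:01:12 host sshd[1002]: Invalid user abi from 198.51.100.7
Aug 21 03:01:15 host sshd[1003]: Invalid user abraham from 192.0.2.10
Aug 21 03:01:19 host sshd[1004]: Invalid user access from 203.0.113.5
Aug 21 03:01:22 host sshd[1005]: Invalid user account from 192.0.2.10
Aug 21 03:02:30 host sshd[1007]: Accepted publickey for jp from 203.0.113.50 port 5151 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: (?:Invalid user (\S+)|"
                    r"Failed password for (?:invalid user )?(\S+)) from (\S+)")

def parse_failures(log_text):
    """Return (username, source_ip) for each failed login, in log order."""
    hits = (FAILED.search(line) for line in log_text.splitlines())
    return [(m.group(1) or m.group(2), m.group(3)) for m in hits if m]

def hosts_to_block(failures, threshold=3):
    """Per-host rule: source IPs with at least `threshold` failures."""
    counts = Counter(ip for _, ip in failures)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def alphabetical_sweep(failures, min_run=4):
    """Longest run of ascending usernames, whatever the source IP.
    Returns (usernames, source_ips), or None if shorter than min_run."""
    best, run = [], []
    for user, ip in failures:
        if run and user == run[-1][0]:
            continue              # same name logged twice in a row
        if run and user < run[-1][0]:
            run = []              # order broken: start a new run
        run.append((user, ip))
        if len(run) > len(best):
            best = list(run)
    if len(best) < min_run:
        return None
    return [u for u, _ in best], sorted({ip for _, ip in best})

def pfctl_commands(ips, table="sshscan"):
    """pfctl commands adding each IP to a pf table (table name is hypothetical)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]
```

On the sample, the per-host threshold flags only 192.0.2.10, while the sweep check ties all three sources to the same alphabetical word list.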
    
    