Educause Security Discussion mailing list archives
Re: Ongoing distributed Linux SSH dictionary attack
From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Thu, 16 Apr 2009 19:22:47 -0500
Pete Hickey wrote:
On Thu, Apr 16, 2009 at 04:15:00PM -0700, Andrew Daviel wrote:FYI We are seeing a distributed-source SSH dictionary attack on multiple machines. The sources appear to be running Linux according to P0F. This blows past our "15 strikes sitewide and you are out" filter.We're seeing a large increase of ssh dictionary attacks this week. Although it's coming from a number of different machines, I wouldn't call it a large enough number to consider it a distributed attack.
We've been seeing this pretty consistently for about 10 days although the rate has fluctuated some. I've seen about 1400 different source addresses here. -- - Ken ================================================================= Ken Connelly Associate Director, Security and Systems ITS Network Services University of Northern Iowa email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373
Current thread:
- Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 16)
- <Possible follow-ups>
- Re: Ongoing distributed Linux SSH dictionary attack Pete Hickey (Apr 16)
- Re: Ongoing distributed Linux SSH dictionary attack Ken Connelly (Apr 16)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Michael Horne (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Kevin Wilcox (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Russell Fulton (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Daly, Douglas (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 18)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 18)