Educause Security Discussion mailing list archives

Re: Ongoing distributed Linux SSH dictionary attack

From: Andrew Daviel <advax () TRIUMF CA>
Date: Sat, 18 Apr 2009 11:58:17 -0700

On Fri, 17 Apr 2009, Daly, Douglas wrote:

It looks like this might fit... http://lwn.net/Articles/324415/


Useful article. But ours was not from psyb0t, according to my one data
point, but a thing called dt_ssh5 installed via a vunerability in
roundcube webmail, then controlled over IRC from #vgn6tydndgsd on
irc.foonet.com


(I'm losing track of what updates I'd posted on what list)

--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager

Current thread:

Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 16)
- <Possible follow-ups>
- Re: Ongoing distributed Linux SSH dictionary attack Pete Hickey (Apr 16)
- Re: Ongoing distributed Linux SSH dictionary attack Ken Connelly (Apr 16)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Michael Horne (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Kevin Wilcox (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Russell Fulton (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Daly, Douglas (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 18)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 18)