Educause Security Discussion mailing list archives
Re: Ongoing distributed Linux SSH dictionary attack
From: Andrew Daviel <advax () TRIUMF CA>
Date: Sat, 18 Apr 2009 11:58:17 -0700
On Fri, 17 Apr 2009, Daly, Douglas wrote:
It looks like this might fit... http://lwn.net/Articles/324415/
Useful article. But ours was not from psyb0t, according to my one data point, but a thing called dt_ssh5 installed via a vunerability in roundcube webmail, then controlled over IRC from #vgn6tydndgsd on irc.foonet.com (I'm losing track of what updates I'd posted on what list) -- Andrew Daviel, TRIUMF, Canada Tel. +1 (604) 222-7376 (Pacific Time) Network Security Manager
Current thread:
- Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 16)
- <Possible follow-ups>
- Re: Ongoing distributed Linux SSH dictionary attack Pete Hickey (Apr 16)
- Re: Ongoing distributed Linux SSH dictionary attack Ken Connelly (Apr 16)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Michael Horne (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Kevin Wilcox (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Russell Fulton (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Daly, Douglas (Apr 17)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 18)
- Re: Ongoing distributed Linux SSH dictionary attack Andrew Daviel (Apr 18)