Security Incidents mailing list archives
Re: MASSIVE ssh attack attempt
From: Robert.Graham () NETWORKICE COM (Robert Graham)
Date: Fri, 18 Feb 2000 15:15:03 -0800
PCanywhere uses UDP/22 rather than TCP/22.
http://www.robertgraham.com/pubs/firewall-seen.html#port22

My guess is this is just a massive scan for the recent RSAREF bug.

Rob.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On Behalf Of Filip M. Gieszczykiewicz
Sent: Thursday, February 17, 2000 11:54 AM
To: INCIDENTS () securityfocus com
Subject: Re: MASSIVE ssh attack attempt

On Tue, 15 Feb 2000, Mark Shirley wrote:

Our network has been receiving massive amounts of ssh connection attempts in
a short period of time.

Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from 210.134.59.39:1297
Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from 36.56.53.111:1972
Feb 15 22:02:16 entropy2 iplog[24745]: TCP: ssh connection attempt from

[snip]

Isn't it PCAnywhere that walks the range looking for its ilk on port 22 (ssh)? Are you sure it's a "ssh connection attempt" or is that your logger interpretation of "pcA port 22 connection attempt"?

Cheers,
Filip G.

Filip "I'll buy a vowel" Gieszczykiewicz | http://www.repairfaq.org/
(filipg () corona eps pitt edu)
I am the river itself and the leaf floating its currents. I am steering. I am swept. I am.
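
Added example, not part of the original posts: a small triage script that separates port-22 log hits by transport, which is the distinction the reply draws (pcAnywhere on UDP/22, ssh on TCP/22). The TCP line format is the iplog format quoted in the thread; the UDP line format, the function names and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# TCP lines follow the iplog format quoted in the thread. The UDP line format
# is an assumption made for this example.
PORT22_RE = re.compile(
    r"iplog\[\d+\]: (?P<proto>TCP|UDP): .*\bssh\b.* from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*$"
)

def split_port22_hits(lines):
    """Group port-22 log hits by transport; return (sources_by_proto, unparsed)."""
    sources = defaultdict(set)
    unparsed = []
    for line in lines:
        m = PORT22_RE.search(line)
        if m:
            sources[m.group("proto")].add(m.group("src"))
        elif line.strip():
            unparsed.append(line)  # e.g. a truncated entry with no source address
    return dict(sources), unparsed

def triage(sources):
    """Label each transport using the distinction drawn in the reply."""
    notes = {}
    if sources.get("TCP"):
        notes["TCP"] = "TCP/22 from %d sources: ssh-style connection attempts" % len(sources["TCP"])
    if sources.get("UDP"):
        notes["UDP"] = "UDP/22 from %d sources: candidate pcAnywhere probes" % len(sources["UDP"])
    return notes

# First two lines are from the post; the third mirrors its truncated entry;
# the fourth is constructed (documentation address, assumed UDP format).
SAMPLE = [
    "Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from 210.134.59.39:1297",
    "Feb 15 22:02:13 entropy2 iplog[24745]: TCP: ssh connection attempt from 36.56.53.111:1972",
    "Feb 15 22:02:16 entropy2 iplog[24745]: TCP: ssh connection attempt from",
    "Feb 15 22:03:01 entropy2 iplog[24745]: UDP: dgram to ssh from 192.0.2.10:1045",
]

if __name__ == "__main__":
    by_proto, skipped = split_port22_hits(SAMPLE)
    for note in triage(by_proto).values():
        print(note)
    print("unparsed lines:", len(skipped))
```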