Security Incidents mailing list archives
RE: SSH attacks?
From: "Herman Frederick Ebeling Jr." <hfebelingjr () lycos com>
Date: Thu, 29 Jul 2004 14:32:52 -0400
Andrew,

Looking at the list of IP addresses that you listed I got curious and fired up McAfee's Visual Trace, and with the exception of two of them they've all come from overseas. And then mostly from Asia, with one ending in Europe.

I wonder IF we're looking at a "gang" of cyber-criminals from Asia, or if it's just a coincidence that most of them seem to have originated in Asia???

Herman

-----Original Message-----
From: Andrew J Caines [mailto:A.J.Caines () halplant com]
Sent: Wednesday, 28 July, 2004 20:22
To: incidents () securityfocus com
Subject: Re: SSH attacks?

FWIW, here's what I've seen on my single IP cable connection:

Jul 17 04:54:46 test 129.194.21.5
Jul 17 04:54:47 guest 129.194.21.5
Jul 22 04:38:49 test 61.237.13.234
Jul 22 04:38:52 guest 61.237.13.234
Jul 23 10:55:46 test 61.109.156.5
Jul 23 10:55:49 guest 61.109.156.5
Jul 24 19:40:48 test 202.6.75.195
Jul 24 19:40:50 guest 202.6.75.195
Jul 24 20:24:31 test 69.0.134.72
Jul 24 20:24:31 guest 69.0.134.72
Jul 24 20:24:32 admin 69.0.134.72
Jul 24 20:24:33 admin 69.0.134.72
Jul 24 20:24:34 user 69.0.134.72
Jul 24 20:24:37 test 69.0.134.72
Jul 25 02:51:10 test 211.202.3.148
Jul 25 02:51:12 guest 211.202.3.148
Jul 25 16:30:34 test 219.234.216.150
Jul 25 16:30:37 guest 219.234.216.150
Jul 27 16:12:08 test 210.92.210.67
Jul 27 16:12:10 guest 210.92.210.67
Jul 28 11:52:43 test 65.61.98.16
Jul 28 11:52:45 guest 65.61.98.16

The timing and distribution of userids indicates to me that this is more than a simple probe for vulnerable SSH servers.

Reality must take precedence over public relations, for Mother Nature cannot be fooled. -- R.P. Feynman
"Physics is like sex: sure, it may give some practical results, but that's not why we do it." - Feynman

-Andrew-
--
_______________________________________________________________________
| -Andrew J. Caines- Unix Systems Engineer A.J.Caines () halplant com |
| "They that can give up essential liberty to obtain a little temporary |
| safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |
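Added example, not part of either poster's message: a short Python script that groups summary lines in the format quoted above by source address, then compares the userid sequence and time span per source, which is the "timing and distribution of userids" observation made concrete. The function names, the 2004 year default and the 30-second threshold are assumptions; the sample lines are a subset copied from the quoted log.

```python
from collections import defaultdict
from datetime import datetime

# Subset of the summary lines quoted in the message: timestamp, userid, source IP.
SAMPLE = """\
Jul 17 04:54:46 test 129.194.21.5
Jul 17 04:54:47 guest 129.194.21.5
Jul 24 20:24:31 test 69.0.134.72
Jul 24 20:24:31 guest 69.0.134.72
Jul 24 20:24:32 admin 69.0.134.72
Jul 24 20:24:33 admin 69.0.134.72
Jul 24 20:24:34 user 69.0.134.72
Jul 24 20:24:37 test 69.0.134.72
Jul 28 11:52:43 test 65.61.98.16
Jul 28 11:52:45 guest 65.61.98.16
"""

def parse(text, year=2004):
    """Yield (datetime, userid, source_ip); the year is assumed, syslog omits it."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        month, day, clock, user, ip = parts
        stamp = datetime.strptime(f"{year} {month} {day} {clock}", "%Y %b %d %H:%M:%S")
        yield stamp, user, ip

def profile(text, max_span=30):
    """Per source: ordered userids tried, seconds from first to last attempt."""
    by_ip = defaultdict(list)
    # Sort on the timestamp only, so same-second attempts keep their log order.
    for stamp, user, ip in sorted(parse(text), key=lambda e: e[0]):
        by_ip[ip].append((stamp, user))
    result = {}
    for ip, events in by_ip.items():
        span = (events[-1][0] - events[0][0]).total_seconds()
        users = tuple(user for _, user in events)
        # Several userids inside a few seconds is scripted, not typed by hand.
        result[ip] = {"users": users, "span": span,
                      "scripted": len(users) >= 2 and span <= max_span}
    return result

def shared_sequences(profiles):
    """Userid sequences seen from more than one source (hint of a common tool)."""
    groups = defaultdict(list)
    for ip, info in profiles.items():
        groups[info["users"]].append(ip)
    return {seq: sorted(ips) for seq, ips in groups.items() if len(ips) > 1}

if __name__ == "__main__":
    profiles = profile(SAMPLE)
    for ip, info in profiles.items():
        print(ip, info["users"], f'{info["span"]:.0f}s', info["scripted"])
    print(shared_sequences(profiles))
```
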