[nsp-sec] ACK AS852 - RE: DFN-CERT#42614 - Distributed SSH Probes
Chris Calvert
Chris.Calvert at telus.com
Thu Apr 9 13:43:02 EDT 2009
Thanks Mike, ACK for AS852.
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Mike Tancsa
> Sent: Thursday, April 09, 2009 8:43 AM
> To: Klaus Moeller; nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] DFN-CERT#42614 - Distributed SSH Probes
> Importance: High
>
> ----------- nsp-security Confidential --------
>
> At 06:46 AM 4/9/2009, Klaus Moeller wrote:
> >----------- nsp-security Confidential --------
> >
> >
> >Hi all,
> >
> >For the last 3 days, several hosts in our constituency are under a
> >distributed account probe against their SSH servers.
> >
> >Since most of the hosts probing the SSH servers will likely be
> >compromised by weak account passwords too, I'm posting the list
> >below. All timestampts are UTC+2:00.
> >
> >Hints for the C&C as well as the tool used for the account probe
> >will be greatly appreciated.
>
> This appears to be a very similar list to what we are seeing. Here
> are our hits from today on one of our servers.
More information about the nsp-security
mailing list