[nsp-sec] DFN-CERT#42614 - Distributed SSH Probes
Kevin Oberman
oberman at es.net
Tue Apr 21 12:55:28 EDT 2009
> Date: Tue, 21 Apr 2009 11:51:48 -0400
> From: Mike Tancsa <mike at sentex.net>
>
>
> Did anyone else notice their distributed ssh scans stop on the 19th
> at about 23:00 gmt ?
>
> (Times below are EDT)
>
> My last log entries are below... and nothing since. Our IDS had been
> playing a game of cat and mouse with their IPs, but there were always
> some new ones.. Now nada.
I have seen nothing since that time, either. Last report in my logs was
at 15:26 PDT (18:26 EDT). This is when I dumped the last batch of blocks
into our filter, so I thought that I might have finally listed all of
them. Guess it was just a coincidence.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the nsp-security
mailing list