[nsp-sec] SSH scan question
Torbjorn.Wictorin at cert.sunet.se
Torbjorn.Wictorin at cert.sunet.se
Mon Feb 16 09:15:47 EST 2009
hi,
we have seen some SSH scans that differs from the standard pattern:
First a number of ususal connect attempts, about 13-16 packets in each
direction and about 1k/3k data (failed logon attempts, I guess).
But then:
a number of connects, one minute apart with around 2500/2500 packets,
140000/140000 byte data. That is: (about) equal number of packets and
bytes in each direction.
The same for a numbers of hosts, but not all probed.
No sign of a successful logon in the logs.
Does somebody have any ide'a of what this is about?
Torbjorn Wictorin
Sunet CERT
More information about the nsp-security
mailing list