[nsp-sec] even more slow-ssh-scan IP addrs
Gabriel Iovino
giovino at ren-isac.net
Tue Nov 3 12:11:16 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mike Tancsa wrote:
> Some more from today targeting 64.7.128.98. Note, times are GMT -500.
> They are more often then not below the threshold for my daily scripts to
> catch and submit, but looking through the logs they seem to be
> coordinated based on the sequence of usernames they try
Sanitized notifications have been sent to the following:
> 81 | 198.85.237.251 | 2009-11-02 05:57:36 EST | NCREN - MCNC
> 5786 | 136.145.155.151 | 2009-11-02 14:05:56 EST | UPRENET - University of Puerto Rico
Thank you.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrwZDQACgkQwqygxIz+pTv15ACfVeGOLg7SWBW8qxwB0LzGkg21
fqMAoIifniN+swIm+9quXOcGTcsJU081
=t4jn
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list