[nsp-sec] Slow distributed SSH scan, list of IPs
Michael Sinatra
michael at rancid.berkeley.edu
Fri Oct 30 13:50:20 EDT 2009
On 10/30/09 06:27, Keith Schoenefeld wrote:
> ----------- nsp-security Confidential --------
>
> We had three taking part from AS38:
>
> 130.126.240.110
> 128.174.245.212
> 128.174.245.193
I just reported two of these in my email. You can ignore the report,
since you have already quashed 'em.
> I haven't looked at the actual machines yet, but network data
> indicates that they were all brute forced from 210.48.229.161
> (210.48.229.161.static.zoot.jp) yesterday morning:
>
> AS | IP | AS Name
> 2519 | 210.48.229.161 | VECTANT VECTANT Ltd.
Thanks for the info.
michael
More information about the nsp-security
mailing list