[nsp-sec] more slow-ssh-scan IP addrs
Kevin Oberman
oberman at es.net
Fri Oct 30 14:05:41 EDT 2009
Are these slow bruteforce attacks being reported to
bruteforce at cymru.com?
https://www.cymru.com/nsp-sec/dailyreports/bruteforce.html
This seems it is a good way to deal with these, though it does delay the
reports a bit, it also makes them more likely to catch the attention of
those whose attention needs to be caught.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> Date: Fri, 30 Oct 2009 10:48:37 -0700
> From: Michael Sinatra <michael at rancid.berkeley.edu>
> Sender: nsp-security-bounces at puck.nether.net
>
> Hi,
>
> I have a bunch more slow distributed SSH scanning IP addresses. I also
> spotted some of the ones that Kurt Jaeger reported earlier, but (I hope)
> I have filtered those out. Timestamps are UTC.
>
More information about the nsp-security
mailing list