[nsp-sec] more slow-ssh-scan IP addrs
Michael Sinatra
michael at rancid.berkeley.edu
Fri Oct 30 17:06:53 EDT 2009
Kevin Oberman wrote:
> Are these slow bruteforce attacks being reported to
> bruteforce at cymru.com?
> https://www.cymru.com/nsp-sec/dailyreports/bruteforce.html
>
> This seems it is a good way to deal with these, though it does delay the
> reports a bit, it also makes them more likely to catch the attention of
> those whose attention needs to be caught.
I do submit reports to the cymru brute force address. In this
particular case, most of the scripts I use for brute force have not been
picking up the slow, distributed attempts. I plan to do some
modifications and review the results, but I will be adding these types
of scans to my reports.
michael
More information about the nsp-security
mailing list