[nsp-sec] ACK AS209 / SSH scanning - we are now up over 1000

Smith, Donald Donald.Smith at qwest.com
Tue Aug 10 12:02:52 EDT 2010


Netflow shows that our IPs identified by Joel are in fact scanning for TCP 22, and based on the small size of the packets with the ACK bit set, they are attempting to brute-force others' SSH accounts too :(



(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Roper, Sara
> Sent: Tuesday, August 10, 2010 9:15 AM
> To: 'Joel Rosenblatt'; nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] ACK AS209 / SSH scanning - we are now
> up over 1000
>
> ----------- nsp-security Confidential --------
>
> ACK AS209 - Thanks Joel
>
> > -----Original Message-----
> > From: nsp-security-bounces at puck.nether.net
> > [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> > Joel Rosenblatt
> > Sent: Tuesday, August 10, 2010 8:02 AM
> > To: nsp-security at puck.nether.net
> > Subject: [nsp-sec] SSH scanning - we are now up over 1000
> >
> > ----------- nsp-security Confidential --------
> >
> >
>
> This communication is the property of Qwest and may contain confidential or
> privileged information. Unauthorized use of this communication is strictly
> prohibited and may be unlawful.  If you have received this communication
> in error, please immediately notify the sender by reply e-mail and destroy
> all copies of the communication and any attachments.
>
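
The distinction drawn in the message above (SYN-only probing of tcp/22 versus small packets with the ACK bit set, i.e. completed handshakes carrying login attempts) can be checked over exported flow records. This is an added example, not code from the thread or from any participant's tooling; the record layout, the sample flows, and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10      # TCP flag bits as OR'd together in a flow record
SMALL_AVG_BYTES = 120      # assumed cutoff for "small" packets (bytes per packet)
MIN_TARGETS = 3            # assumed number of distinct destinations worth reporting

# Constructed sample flows (documentation address ranges):
# (src, dst, dst_port, ip_proto, tcp_flags, packets, bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.1", 22, 6, 0x02, 1, 40),    # SYN only
    ("192.0.2.10", "198.51.100.2", 22, 6, 0x02, 1, 40),
    ("192.0.2.10", "198.51.100.3", 22, 6, 0x02, 2, 80),
    ("192.0.2.10", "198.51.100.4", 22, 6, 0x02, 1, 40),
    ("192.0.2.20", "198.51.100.1", 22, 6, 0x1A, 14, 1200),  # SYN|ACK|PSH, ~86 B/pkt
    ("192.0.2.20", "198.51.100.5", 22, 6, 0x1B, 16, 1400),
    ("192.0.2.20", "198.51.100.6", 22, 6, 0x1A, 12, 1100),
    ("192.0.2.20", "198.51.100.6", 80, 6, 0x1A, 9, 5000),   # not SSH, ignored
    ("192.0.2.30", "198.51.100.7", 22, 6, 0x1B, 5000, 6000000),  # one bulk session
]

def classify_ssh_sources(flows, small=SMALL_AVG_BYTES, min_targets=MIN_TARGETS):
    """Return {src: "scan" | "bruteforce"} for sources touching tcp/22 on many hosts."""
    syn_only = defaultdict(set)    # src -> destinations that only ever saw a SYN
    small_ack = defaultdict(set)   # src -> destinations with ACK set and small packets
    for src, dst, dport, proto, flags, pkts, octets in flows:
        if proto != 6 or dport != 22 or pkts == 0:
            continue
        if flags & ACK:
            # Handshake completed; small average size suggests auth attempts,
            # not a file transfer or long interactive session.
            if octets / pkts <= small:
                small_ack[src].add(dst)
        elif flags & SYN:
            syn_only[src].add(dst)
    verdicts = {}
    for src in set(syn_only) | set(small_ack):
        if len(small_ack[src]) >= min_targets:
            verdicts[src] = "bruteforce"
        elif len(syn_only[src] | small_ack[src]) >= min_targets:
            verdicts[src] = "scan"
    return verdicts

if __name__ == "__main__":
    for source, verdict in sorted(classify_ssh_sources(SAMPLE_FLOWS).items()):
        print(source, verdict)
```

A single host with one long SSH session (192.0.2.30 in the sample) is not reported, since it neither fans out to several destinations nor averages small packets.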
