[nsp-sec] ACK AS209 / SSH scanning - we are now up over 1000
Scott A. McIntyre
scott at xs4all.net
Tue Aug 10 12:33:46 EDT 2010
On 10/08/10 18:02 , Smith, Donald wrote:
> ----------- nsp-security Confidential --------
>
> Netflow shows that our ips identified by Joel are in fact scanning for tcp 22 and based on the small size of the packets with the ack bit set they are attempting to bruteforce others ssh accounts too:(
>
>
We've had several customers confirm phpMyAdmin on the systems pwned -
anyone have details as to which of the known exploits this is, or, is it
something "new"?
Cheers,
Scott A. McIntyre
XS4ALL Internet B.V.
More information about the nsp-security
mailing list