[nsp-sec] SSH scanning - we are now up over 1000
Kevin Oberman
oberman at es.net
Tue Aug 10 13:56:32 EDT 2010
> Date: Tue, 10 Aug 2010 10:02:15 -0400
> From: Joel Rosenblatt <joel at columbia.edu>
> Sender: nsp-security-bounces at puck.nether.net
>
> ----------- nsp-security Confidential --------
>
>
> Hi,
>
> Looks like this is going to get worse before it gets worse ... list attached.
>
> Thanks,
> Joel
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
This is the worst of these I've seen and it just keeps getting heavier.
I have been seeing over 500 new unique source addresses daily from the
start of this and the number is growing daily. I only had 960 unique
new addresses this morning, but I have rather careful vetting to avoid
false positives as we feed this data into our RTBH and I don't want to
block any legitimate access. I'm sure that if I looked at the data
manually, theat I would have a number of added hits.
BTW, all of the attempts log are reported to the Cymru brute-force list
for inclusion in the daily reports.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the nsp-security
mailing list