[nsp-sec] SSH scanning - we are now up over 1000
Joel Rosenblatt
joel at columbia.edu
Tue Aug 10 14:05:34 EDT 2010
I've been feeding all of our attackers to Cymru for years .. I just send these lists as a public service for those who don't get the daily reports :-)
We also send out a message to each of the abuse contacts for the ASN, so we catch a lot of people not on the NSP list ... I get lots of thank you notes :-)
Joel
--On Tuesday, August 10, 2010 10:56 AM -0700 Kevin Oberman <oberman at es.net> wrote:
>> Date: Tue, 10 Aug 2010 10:02:15 -0400
>> From: Joel Rosenblatt <joel at columbia.edu>
>> Sender: nsp-security-bounces at puck.nether.net
>>
>> ----------- nsp-security Confidential --------
>>
>>
>> Hi,
>>
>> Looks like this is going to get worse before it gets worse ... list attached.
>>
>> Thanks,
>> Joel
>>
>> Joel Rosenblatt, Manager Network & Computer Security
>> Columbia Information Security Office (CISO)
>> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
>> http://www.columbia.edu/~joel
>
> This is the worst of these I've seen and it just keeps getting heavier.
>
> I have been seeing over 500 new unique source addresses daily from the
> start of this and the number is growing daily. I only had 960 unique
> new addresses this morning, but I have rather careful vetting to avoid
> false positives as we feed this data into our RTBH and I don't want to
> block any legitimate access. I'm sure that if I looked at the data
> manually, theat I would have a number of added hits.
>
> BTW, all of the attempts log are reported to the Cymru brute-force list
> for inclusion in the daily reports.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman at es.net Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
>
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
More information about the nsp-security
mailing list