[nsp-sec] SSH scanning - we are now up over 1000
Dave Woutersen (GOVCERT.NL)
dave.woutersen at govcert.nl
Wed Aug 11 05:18:46 EDT 2010
Not sure if this is of any use at all, but ive been running a Kippo
honeypot on 1 /32 (so i guess the answer is no eh) but maybe the wget
section might give away some clues.
http://www.xs4all.nl/~davewout/log/checklog-latest.html
Greetz,
Dave
On 10-8-2010 23:10, Barry Raveendran Greene wrote:
> ----------- nsp-security Confidential --------
>
>
>
>
> On 8/10/10 9:02 AM, "Donald Smith"<Donald.Smith at qwest.com> wrote:
>
>> Netflow shows that our ips identified by Joel are in fact scanning for tcp 22
>> and based on the small size of the packets with the ack bit set they are
>> attempting to bruteforce others ssh accounts too:(
> Is there any way to get into the machines and get the malware, C&C, etc. ?
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
--
Dave Woutersen
security specialist
GOVCERT.NL
T +31 70 888 75 55
I www.govcert.nl
E dave.woutersen at govcert.nl
PGP Fingerprint: C87E 47E2 89D8 5DFB C86F A3F3 1557 E2E9 AC15 7DD5
GOVCERT.NL is the Computer Emergency Response Team for the Dutch
Government. We support the government in preventing and dealing with
IT-related security incidents.
More information about the nsp-security
mailing list