[nsp-sec] SSH scanners are out in force
Smith, Donald
Donald.Smith at qwest.com
Mon Mar 8 11:59:44 EST 2010
Validated that the Qwest IPs identified are doing what looks like ssh brute forcing (not just ssh syn scanning which could potentially be spoofed.) They were scanning also but I saw full three way connections so this data have been validated!!
We will of course notify our customers.
(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Joel Rosenblatt
> Sent: Sunday, March 07, 2010 6:05 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] SSH scanners are out in force
>
> ----------- nsp-security Confidential --------
> Hi,
Big SSH scanner run last night. See attached file
Number after time stamp is number of attempts
Time stamps are -0500 (EST)
This seems to be a different collection of ASNs then the usual suspects, but that's not a scientific analysis, just an eyeball observation :-)
Happy hunting!
Thanks,
Joel
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list