[nsp-sec] Can someone pass this along to AS24086 - ETC(ENET) Company - 125.214.8.12

Joe St Sauver joe at oregon.uoregon.edu
Wed Sep 29 10:55:08 EDT 2010


Joel mentioned:

#This machine
#
# 125.214.8.12 22/tcp 2010-09-28 05:30:00 GMT-0400 2010-09-29 00:15:00 GMT-0400 6017348
#
#hit us with a little over 6 million SSH password tries last night.
#
#I think a little spanking is in order :-)

Indeed!

In my case, the ssh PITA du jour is 202.155.39.70 (mail.scisi.com), an 
Indosatm2 (AS4795) connected host. Attempting to get that compromised 
host remediated illustrates to me why a growing number of people just 
block 'em and forget 'em (although of course that just plays to the bad
guy's lead -- I'm sure they'd like nothing better than to have people
quietly turn their backs and let them do their criminality w/o pesky
interference).

Since we're talking about ssh scanners, let me also take this opportunity 
to mention once again that I think the Dragon Research Group is doing a 
great job of identifying many of the ssh scanners who are active out 
there; if you haven't checked 
http://www.dragonresearchgroup.org/insight/sshpwauth.txt recently, you 
might want to, particularly if you are responsible for one of the following 
ASNs (currently each of the following ASNs has one or more identified ssh 
scanners on the sshpwauth.txt list):

And if your ASN is not listed, let me say thank you!, but also ask, "have 
you considered hosting a DRG pod to improve the coverage for projects 
like the current ssh scanner project?" 

See http://www.dragonresearchgroup.org/drg-distro.html for more information.

Regards,

Joe


