a number of botnets, many romanian in origin (IIRC), use ssh brute force compromises to grow. does this look similar, and like they upgraded their botnets to now burn CPU on mining? _____________________________ jose nazario, ph.d. jose at arbor.net sr. manager of security research, arbor networks http://asert.arbor.net/