[nsp-sec] Increase in ssh brute force ? (especially from ASN 9829, 31452, 35154)
John Kristoff
jtk at cymru.com
Thu Apr 16 21:16:40 EDT 2015
On Wed, 15 Apr 2015 16:03:53 -0400
Mike Tancsa <mike at sentex.net> wrote:
> They were also checking a very odd username, "MGR"
> as in
> Apr 15 19:11:07 [75612]: Invalid user MGR from 117.253.221.32
>
> Perhaps a regionalism ?
The DRG pods, which are pretty distributed, have seen a few thousand
MGR account attempts in April across the pod network, starting a few
days before. Of all the attempts we saw, there was a relatively small
number of unique passwords. Those were:
CAROLIAN
CCC
CNAS
COGNOS
CONV
HPDESK
HPOFFICE
HPONLY
HPP187
HPP189
HPP196
INTX3
ITF3000
MGR
NETBASE
REGO
RJE
ROBELLE
SECURITY
SYS
TELESUP
VESOFT
WORD
XLSERVER
John
More information about the nsp-security
mailing list