Re: Anyone else seeing a spike in SSHd scans?

From: Dave Laird (dlaird_at_kharma.net)
Date: 06/29/03

Next message: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"

Previous message: Axel Pettinger: "Re: possible new irc worm"
In reply to:(deleted message) Jay D. Dyson: "Anyone else seeing a spike in SSHd scans?"
Next in thread: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"
Reply: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Incidents List <incidents@securityfocus.com>
Date: Sat, 28 Jun 2003 15:05:51 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good afternoon, Jay, everyone...

On Friday 27 June 2003 12:55 pm, Jay D. Dyson wrote:
> Hi folks,
>
> I've seen an unusual spike in SSHd scans in the past 20 hours on
> systems I maintain for my employer and those I run on my own time. The
> largest spike began yesterday between 12:16 and 18:16 hours (PDT) and the
> others have begun trickling in on my non-work networks since around 08:00
> hours today.

> It's all the usual suspects, of course: systems from Malaysia, the
> Netherlands, a DSL provider in Norway, and a Cable service in Taiwan.

Since I block some/most of those locations in my firewall, I was a bit
surprised when I noted a spike in SSH scans yesterday, between 14:22 and
18:05 PDT. Then they started up again this afternoon, from what appears to
be both attbi.com and comcast DSL IP's. Hmmm. Maybe your're right.

Dave
- --
Dave Laird (Dave@kharma.net)
The Used Kharma Lot / The Phoenix Project
Web Page: http://www.kharma.net updated 04/15/2003
Usenet News server: news.kharma.net
Musicians Calendar and Database access: http://www.kharma.net/calendar.html

An automatic & random thought For the Minute:
Freedom from incrustation of grime is contiguous to rectitude.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+/hE/Zx0/eWCCG/wRAiQ7AJ9EXccwJtu4qaUh1Izt1oOvcq9qEQCfeeel
6aBS2PohGOisIFeHX2n710o=
=EPq2
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Next message: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"

Previous message: Axel Pettinger: "Re: possible new irc worm"
In reply to:(deleted message) Jay D. Dyson: "Anyone else seeing a spike in SSHd scans?"
Next in thread: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"
Reply: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]