Re: Anyone else seeing a spike in SSHd scans?

p00p_at_instable.net
Date: 06/29/03

    Date: Sun, 29 Jun 2003 12:12:19 -0400
    To: incidents@securityfocus.com
    
    
    

    One thing that could be interesting to note is that Comcast IS now attbi.com, after a merger a few months ago. New customers are put on Comcast IPs, but remaining customers from before the merger still have attbi.com addresses.
    So basically all your scans are from the same ISP. Are all your scans from the same geographical areas?

    On Sat, Jun 28, 2003 at 03:05:51PM -0700, Dave Laird wrote:
    > Good afternoon, Jay, everyone...
    >
    > On Friday 27 June 2003 12:55 pm, Jay D. Dyson wrote:
    > > Hi folks,
    > >
    > > I've seen an unusual spike in SSHd scans in the past 20 hours on
    > > systems I maintain for my employer and those I run on my own time. The
    > > largest spike began yesterday between 12:16 and 18:16 hours (PDT) and the
    > > others have begun trickling in on my non-work networks since around 08:00
    > > hours today.
    >
    > > It's all the usual suspects, of course: systems from Malaysia, the
    > > Netherlands, a DSL provider in Norway, and a Cable service in Taiwan.
    >
    > Since I block some/most of those locations in my firewall, I was a bit
    > surprised when I noted a spike in SSH scans yesterday, between 14:22 and
    > 18:05 PDT. Then they started up again this afternoon, from what appears to
    > be both attbi.com and Comcast DSL IPs. Hmmm. Maybe you're right.
    >
    > Dave
    > - --
    > Dave Laird (Dave@kharma.net)
    > The Used Kharma Lot / The Phoenix Project
    > Web Page: http://www.kharma.net updated 04/15/2003
    > Usenet News server: news.kharma.net
    > Musicians Calendar and Database access: http://www.kharma.net/calendar.html
    >
    > An automatic & random thought For the Minute:
    > Freedom from incrustation of grime is contiguous to rectitude.
    >

    -- 
    p00p@instable.net
    AIM: l4m3n00b
    MSN: l4m3n00b@hotmail.com
    https://www.instable.net
    GnuPG Public Key: http://www.instable.net/~p00p/pubkey.gpg
    
    


