Re: Anyone else seeing a spike in SSHd scans?

From: Dave Laird (dlaird_at_kharma.net)
Date: 06/29/03

Next message: Harlan Carvey: "re: DoS "Probing" on one of our hosts"

Previous message: Christopher Kunz: "DoS "Probing" on one of our hosts"
In reply to: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: incidents@securityfocus.com
Date: Sun, 29 Jun 2003 10:03:09 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good morning...

On Sunday 29 June 2003 9:12 am, p00p@instable.net wrote:

> one thing that could be of interesting note is that comcast IS now
> attbi.com, after a merger a few months ago. new customers are put on
> comcast ips, but remaining customers from before the merger still have
> attbi.com addresses so basically all your scans are from the same isp. are
> all your scans from the same geographical areas?

It would seem that way, yes. The returns I've seen, thus far, all come from
ne.attbi.com which would tend to make think so. For the time being, I've
blocked their IP block in the firewall until I get some kind of meaningful
response from ATT. Coincidentally, in a similar frame of reference, about
this same time I noted a sudden surge of SPAM e-mail hitting my mail filters
from that same address just prior to when I blocked the IP. <grin> I think
the admins that once maintained attbi.com are now working frantically on the
comcast network, but I could be wrong.

Dave
- --
Dave Laird (Dave@kharma.net)
The Used Kharma Lot / The Phoenix Project
Web Page: http://www.kharma.net updated 04/15/2003
Usenet News server: news.kharma.net
Musicians Calendar and Database access: http://www.kharma.net/calendar.html

An automatic & random thought For the Minute:
Collaboration, n.:
        A literary partnership based on the false assumption that the
        other fellow can spell.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+/xvNZx0/eWCCG/wRAgIcAJwM2gOc/IlZPh45yLY0bM6jB7ck3QCfUCTX
1v/rfpn+OmZ/MrKYRHfWxGs=
=HnnC
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Next message: Harlan Carvey: "re: DoS "Probing" on one of our hosts"

Previous message: Christopher Kunz: "DoS "Probing" on one of our hosts"
In reply to: p00p_at_instable.net: "Re: Anyone else seeing a spike in SSHd scans?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]