RE: SSH attacks?

From: Herman Frederick Ebeling Jr. (
Date: 07/29/04

  • Next message: Robin: "Re: SSH attacks?"
    To: <>
    Date: Thu, 29 Jul 2004 14:32:52 -0400

    Hash: SHA1


            Looking at the list of IP addresses that you listed I got curious and fired up
    McAfee's Visual Trace, and with the
    exception of two of them they've all come from overseas. And then mostly from
    Asia, with one ending in Europe. I
    wonder IF we're looking at a "gang" of cyber-criminals from Asia, or if it's
    just a coincidence that most of them seem
    to have originated in Asia???


    - -----Original Message-----
    From: Andrew J Caines []
    Sent: Wednesday, 28 July, 2004 20:22
    Subject: Re: SSH attacks?

    FWIW, here's what I've seen on my single IP cable connection:

    Jul 17 04:54:46 test
    Jul 17 04:54:47 guest
    Jul 22 04:38:49 test
    Jul 22 04:38:52 guest
    Jul 23 10:55:46 test
    Jul 23 10:55:49 guest
    Jul 24 19:40:48 test
    Jul 24 19:40:50 guest
    Jul 24 20:24:31 test
    Jul 24 20:24:31 guest
    Jul 24 20:24:32 admin
    Jul 24 20:24:33 admin
    Jul 24 20:24:34 user
    Jul 24 20:24:37 test
    Jul 25 02:51:10 test
    Jul 25 02:51:12 guest
    Jul 25 16:30:34 test
    Jul 25 16:30:37 guest
    Jul 27 16:12:08 test
    Jul 27 16:12:10 guest
    Jul 28 11:52:43 test
    Jul 28 11:52:45 guest

    The timing and distribution of userids indicates to me that this is more
    than a simple probe for vulnerable SSH servers.

    > Reality must take precedence over public relations, for Mother Nature
    > cannot be fooled. -- R.P. Feynman

    "Physics is like sex: sure, it may give some practical results, but
     thats not why we do it." - Feynman

    - -Andrew-
    - --
    | -Andrew J. Caines- Unix Systems Engineer |
    | "They that can give up essential liberty to obtain a little temporary |
    | safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |

    Version: PGP 8.0.3

    -----END PGP SIGNATURE-----

  • Next message: Robin: "Re: SSH attacks?"

    Relevant Pages

    • Re: Samba - trouble with simple smb.conf
      ... dsl is admin ... and there is a guest account and a sambapassword for each: ... on the linux box for each of the Samba users? ... Error connecting to (Connection refused) ...
    • Re: Office 2003 Setup
      ... | User1 (Admin) to have access to Outlook and Word ... | Guest to have access to Outlook ... | as Guest or a user who doesn't have Admin rights. ...
    • Re: Lost opening log on screen
      ... in XP Home you can login as built-in Administrator only in Safe Mode. ... now that my Admin and Guest icons are back at each startup ...
    • Re: Removeing a user icon from the graphical welcome screen
      ... How is it done for the Admin & Guest users? ... I've downloaded power toys for WinXP from MS site. ... selective users display on the welcome screen, but the user in question is ...
    • Re: Lost opening log on screen
      ... Ramesh - Microsoft MVP ... now that my Admin and Guest icons are back at each startup ...