http://isc.sans.org/diary.html?storyid=3529
FYI, you may want to pay a little more attention to your Firewall/IDS logs...
E
dd if=/dev/urandom of=/mybrain
I've seen a lot of this on the web servers that I manage.... is the Chinaman from what my logs tell me..... hence China is about 75% banned on my servers
dd if=/dev/swc666 of=/dev/wyze
I had an SSH server opened to the outside, but nowhere else on the inside of my network for a little while. Within minutes of it being put on the outside, I'd see brute force attacks against it.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Thanks for the heads up.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Good to know. I'm in the process now of setting up ssh on my wrt54gs, looks like I'll be adding srelay to move port 22 to port 1080. That should fix that.
Yea, they have been doing this for years, but apparently there is a real interest in it now, to the point that it is distributed.
Originally Posted by thorin
You're welcome
Originally Posted by beakmyn
If the mods don't mind a little plug (delete this if you do): you can help SANS track this by sending your firewall/IDS logs to DShield (www.DShield.org), they need logs, home users especially...