[geeks] SSH Scans Increasing
Joshua Boyd
jdboyd at jdboyd.net
Thu Aug 21 11:18:56 CDT 2008
On Thu, Aug 21, 2008 at 03:19:49AM -0500, Jonathan C. Patschke wrote:
> Has anyone else seen a very sharp increase in the number of SSH scans
> since this weekend?
>
> I have a program running out of cron that looks for break-ins and updates
> my /etc/pf.conf automagically. It mails me when it adds a new host to the
> list. I used to get 2 - 3 per week, but now I see 20 - 30 per day.
>
> All the new scans appear to use the same dictionary. It starts off with
> some German words pertaining to academia, and then a straight alphabetical
> dictionary attack (abel, abi, abraham, access, account...). The IP
> addresses scanning me don't come from the same country, so I suspect this
> is some new botnet.
Does it appear to be doing any port scanning at the same time?
More information about the geeks
mailing list