Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Incidents
SSH attacks? Jul 26 2004 10:59PM
Robin (robin kallisti net nz) (10 replies)
Re: SSH attacks? Jul 29 2004 10:31AM
David Block (dave yucc yorku ca)
Re: SSH attacks? Jul 28 2004 04:33AM
brandy (brandy klammeraffe org) (2 replies)
Re: SSH attacks? Jul 29 2004 12:22AM
Andrew J Caines (A J Caines halplant com) (3 replies)
Re: SSH attacks? Jul 29 2004 10:12PM
Brian C. Lane (bcl brianlane com)
RE: SSH attacks? Jul 29 2004 06:32PM
Herman Frederick Ebeling Jr. (hfebelingjr lycos com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew,

Looking at the list of IP addresses that you listed I got curious and fired up
McAfee's Visual Trace, and with the
exception of two of them they've all come from overseas. And then mostly from
Asia, with one ending in Europe. I
wonder IF we're looking at a "gang" of cyber-criminals from Asia, or if it's
just a coincidence that most of them seem
to have originated in Asia???

Herman

- -----Original Message-----
From: Andrew J Caines [mailto:A.J.Caines (at) halplant (dot) com [email concealed]]
Sent: Wednesday, 28 July, 2004 20:22
To: incidents (at) securityfocus (dot) com [email concealed]
Subject: Re: SSH attacks?

FWIW, here's what I've seen on my single IP cable connection:

Jul 17 04:54:46 test 129.194.21.5
Jul 17 04:54:47 guest 129.194.21.5
Jul 22 04:38:49 test 61.237.13.234
Jul 22 04:38:52 guest 61.237.13.234
Jul 23 10:55:46 test 61.109.156.5
Jul 23 10:55:49 guest 61.109.156.5
Jul 24 19:40:48 test 202.6.75.195
Jul 24 19:40:50 guest 202.6.75.195
Jul 24 20:24:31 test 69.0.134.72
Jul 24 20:24:31 guest 69.0.134.72
Jul 24 20:24:32 admin 69.0.134.72
Jul 24 20:24:33 admin 69.0.134.72
Jul 24 20:24:34 user 69.0.134.72
Jul 24 20:24:37 test 69.0.134.72
Jul 25 02:51:10 test 211.202.3.148
Jul 25 02:51:12 guest 211.202.3.148
Jul 25 16:30:34 test 219.234.216.150
Jul 25 16:30:37 guest 219.234.216.150
Jul 27 16:12:08 test 210.92.210.67
Jul 27 16:12:10 guest 210.92.210.67
Jul 28 11:52:43 test 65.61.98.16
Jul 28 11:52:45 guest 65.61.98.16

The timing and distribution of userids indicates to me that this is more
than a simple probe for vulnerable SSH servers.

> Reality must take precedence over public relations, for Mother Nature
> cannot be fooled. -- R.P. Feynman

"Physics is like sex: sure, it may give some practical results, but
thats not why we do it." - Feynman

- -Andrew-
- --
_______________________________________________________________________
| -Andrew J. Caines- Unix Systems Engineer A.J.Caines (at) halplant (dot) com [email concealed] |
| "They that can give up essential liberty to obtain a little temporary |
| safety deserve neither liberty nor safety" - Benjamin Franklin, 1759 |

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQQlB/h/i52nbE9vTEQKJvACg4JnEdK+2DGEF9izjRFblcOiRX9UAn0Sp
4HcbCl/cFnYRIQFN5cgGmyCO
=Fo8t
-----END PGP SIGNATURE-----

[ reply ]
Re: SSH attacks? Jul 29 2004 05:22PM
Marcus Merrin (marcus merrin emptyair com) (1 replies)
Re: SSH attacks? Jul 30 2004 12:58AM
Robin (robin kallisti net nz)
Re: SSH attacks? Jul 29 2004 12:18AM
Mike Whitley (mwhitley borg proceon com)
Re: SSH attacks? Jul 27 2004 09:12PM
buzz (reitenba fh-brandenburg de) (2 replies)
Re: SSH attacks? Jul 28 2004 07:05PM
Jyri Hovila (jyri hovila iki fi) (4 replies)
Re: SSH attacks? Jul 30 2004 05:40AM
Thomas Hochstein (ml ancalagon inka de)
Re: SSH attacks? Jul 29 2004 07:03PM
Chris Brenton (cbrenton chrisbrenton org)
Re: SSH attacks? Jul 29 2004 05:03PM
Matt Beland (matt rearviewmirror org)
Re: SSH attacks? Jul 29 2004 05:02PM
Valdis Kletnieks vt edu
Re: SSH attacks? Jul 28 2004 06:42PM
Jyri Hovila (jyri hovila iki fi)
Re: SSH attacks? Jul 27 2004 08:46PM
Adam Young (adam vbfx com) (1 replies)
Re: SSH attacks? Jul 28 2004 08:19AM
Christine Kronberg (Christine_Kronberg genua de) (3 replies)
Re: SSH attacks? Jul 29 2004 04:53PM
Steve Schuster (sjs74 cornell edu)
Re: SSH attacks? Jul 29 2004 04:05PM
Merlijn Tishauser (merlijn begeleidingentraining nl)
Re: SSH attacks? Jul 29 2004 09:21AM
Pieter-Bas IJdens (pieter-bas ijdens com) (2 replies)
Re: SSH attacks? Jul 30 2004 12:38AM
Jay D. Dyson (jdyson treachery net) (2 replies)
Re: SSH attacks? Jul 31 2004 12:06AM
mgotts 2roads com
Re: SSH attacks? Jul 31 2004 12:05AM
Frank Knobbe (frank knobbe us)
Re: SSH attacks? Jul 29 2004 10:12AM
Christine Kronberg (Christine_Kronberg genua de) (2 replies)
Re: SSH attacks? Jul 30 2004 01:26AM
Frank Knobbe (frank knobbe us)
Re: SSH attacks? Jul 29 2004 10:44AM
Pieter-Bas IJdens (pieter-bas ijdens com)
Re: SSH attacks? Jul 27 2004 07:21PM
Tom Laermans (tom laermans powersource cx)
Re: SSH attacks? Jul 27 2004 07:17PM
Chris Brown (chris wavetex com)
Re: SSH attacks? Jul 27 2004 06:24PM
Jason Falciola (falciola us ibm com)
Re: SSH attacks? Jul 27 2004 06:15PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: SSH attacks? Jul 30 2004 06:37PM
George Georgalis (george galis org)
Re: SSH attacks? Jul 27 2004 06:06PM
Josh Tolley (josh raintreeinc com)
Re: SSH attacks? Jul 27 2004 06:00PM
Tobias Rice (rice up edu) (1 replies)
Re: SSH attacks? Jul 28 2004 03:43AM
Chris Brenton (cbrenton chrisbrenton org)







 

Privacy Statement
Copyright 2009, SecurityFocus