Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
RE: Distributed Bruteforce against SSH
May 12 2008 05:36PM
Keith T. Morgan (keith morgan terradon com)
Yep. I've been seeing them too. What's interesting is that the botnet is sharing "state" information regarding where the collective botnet is in the dictionary. This will completely bypass fail2ban since each subsequent dictionary word is tried from a different host.
I experimented a bit by bloc...
[ more ]
Copyright 2010, SecurityFocus