Date:      Wed, 02 Dec 2009 20:51:07 +0800
From:      Mohd Fazli Azran <mfazliazran@gmail.com>
To:        Mike Tancsa <mike@sentex.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Increase in SSH attacks as of announcement of rtld bug
Message-ID:  <4B1662BB.8000908@gmail.com>
In-Reply-To: <200912020150.nB21ossm072930@lava.sentex.ca>
References:  <200912010120.nB11Kjm9087476@freefall.freebsd.org>	<200912010522.WAA03022@lariat.net>	<200912011724.KAA10851@lariat.net>	<200912011909.nB1J9JRM070879@lava.sentex.ca>	<200912020145.SAA17523@lariat.net> <200912020150.nB21ossm072930@lava.sentex.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Tancsa wrote:
> At 08:44 PM 12/1/2009, Brett Glass wrote:
>> At 12:09 PM 12/1/2009, Mike Tancsa wrote:
>>
>>> http://isc.sans.org/trends.html
>>> and
>>> http://isc.sans.org/port.html
>>>
>>> Do not seem to show any increase.
>>
>> Do those stats account for the fact that the attackers may first be
>> fingerprinting servers to see if they're running FreeBSD?
> 
> No idea. But looking at the logs of various hosts targeted by
> distributed scanners that hit my network, they don't seem to be that
> intelligent. There is no reason it couldn't be done, but I haven't seen it
> yet here anyways.
> 
>         ---Mike
> 
> 
>> --Brett
> 
> --------------------------------------------------------------------
> Mike Tancsa,                                      tel +1 519 651 3400
> Sentex Communications,                            mike@sentex.net
> Providing Internet since 1994                    www.sentex.net
> Cambridge, Ontario Canada                         www.sentex.net/mike
> 
It seems they use multiple hosts and brute force. On my network, the
activity of attempted SSH logins with multiple hosts + multiple logins
with multiple passwords is increasing every day. It seems I got many of
these messages:

Did not receive identification from X.X.X.X

Mohd Fazli Azran
System Analysis
KL Malaysia


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksWYrsACgkQNF5f3mz2bZm2QwCfTZhxaAu586n66tGoAoX2DzjH
Wd0AmgMQyxsmJ+eoeDEgJOdXMk2SxiaB
=Ymfg
-----END PGP SIGNATURE-----
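
An added example, not part of the original message or the thread: one way to separate the patterns described above (banner-less connections, one login name tried from many hosts, one host trying many login names) in an sshd log. The log lines, host name, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in sshd syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
Dec  2 20:40:01 gw sshd[4101]: Did not receive identification string from 192.0.2.10
Dec  2 20:40:03 gw sshd[4102]: Did not receive identification string from 192.0.2.10
Dec  2 20:40:07 gw sshd[4103]: Failed password for root from 198.51.100.7 port 40112 ssh2
Dec  2 20:40:09 gw sshd[4104]: Failed password for root from 203.0.113.21 port 51877 ssh2
Dec  2 20:40:12 gw sshd[4105]: Failed password for root from 192.0.2.55 port 33960 ssh2
Dec  2 20:40:15 gw sshd[4106]: Failed password for invalid user admin from 198.51.100.7 port 40120 ssh2
Dec  2 20:40:18 gw sshd[4107]: Failed password for invalid user test from 198.51.100.7 port 40131 ssh2
Dec  2 20:40:21 gw sshd[4108]: Failed password for invalid user x from 10.0.0.1 from 203.0.113.21 port 51890 ssh2
"""

# Banner-less connection: the peer connected but never sent an SSH version string.
PROBE = re.compile(
    r"sshd\[\d+\]: Did not receive identification(?: string)? from (\S+)(?: port \d+)?$")
# Greedy name group plus anchored tail: the address is read from the end of the
# line, so a login name containing " from <ip>" cannot spoof the source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def summarize(log_text, min_sources=3, min_users=3):
    probes = defaultdict(int)           # source -> banner-less connections
    sources_by_user = defaultdict(set)  # login name -> sources that tried it
    users_by_source = defaultdict(set)  # source -> login names it tried
    for line in log_text.splitlines():
        if m := PROBE.search(line):
            probes[m.group(1)] += 1
        elif m := FAILED.search(line):
            user, src = m.groups()
            sources_by_user[user].add(src)
            users_by_source[src].add(user)
    return {
        "probes": dict(probes),
        # One login name hit from many hosts: the distributed pattern.
        "distributed_targets": sorted(
            u for u, s in sources_by_user.items() if len(s) >= min_sources),
        # One host cycling through many login names: a dictionary run.
        "dictionary_sources": sorted(
            s for s, u in users_by_source.items() if len(u) >= min_users),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Per-source rate limits alone miss the distributed case, which is why the summary also groups by login name.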


