From: Mohd Fazli Azran
Date: Wed, 02 Dec 2009 20:51:07 +0800
To: Mike Tancsa
Cc: freebsd-security@freebsd.org
Subject: Re: Increase in SSH attacks as of announcement of rtld bug

Mike Tancsa wrote:
> At 08:44 PM 12/1/2009, Brett Glass wrote:
>> At 12:09 PM 12/1/2009, Mike Tancsa wrote:
>>
>>> http://isc.sans.org/trends.html
>>> and
>>> http://isc.sans.org/port.html
>>>
>>> Do not seem to show any increase.
>>
>> Do those stats account for the fact that the attackers may first be
>> fingerprinting servers to see if they're running FreeBSD?
>
> No idea. But looking at the logs of various hosts targeted by
> distributed scanners that hit my network, they don't seem to be that
> intelligent. There is no reason it couldn't be done, but I haven't seen it
> yet here anyways.
>
>         ---Mike
>
>
>> --Brett
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike@sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>

It seems they use multiple hosts and brute force.
Every day my network sees increasing activity of attempted ssh logins with
multiple hosts + multiple logins with multiple passwords. It seems I got many
of these messages:

    Did not receive identification from X.X.X.X

Mohd Fazli Azran
System Analysis
KL Malaysia
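
Added example, not part of the original message: a Python tally over sshd log lines that separates the "Did not receive identification" probes from failed password attempts and flags accounts tried from many addresses, the multi-host pattern that a per-address limit does not catch. The log lines are constructed, and the function name and both thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in sshd/auth.log style (documentation-range addresses).
SAMPLE_LOG = """\
Dec  2 04:10:01 host sshd[811]: Did not receive identification string from 192.0.2.10
Dec  2 04:10:07 host sshd[812]: Invalid user admin from 198.51.100.7
Dec  2 04:10:09 host sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Dec  2 04:11:30 host sshd[815]: Failed password for root from 203.0.113.5 port 51515 ssh2
Dec  2 04:12:02 host sshd[817]: Failed password for root from 198.51.100.7 port 40190 ssh2
Dec  2 04:13:44 host sshd[820]: Failed password for root from 192.0.2.44 port 33001 ssh2
Dec  2 04:14:15 host sshd[822]: Did not receive identification string from 192.0.2.10
Dec  2 04:15:00 host sshd[825]: Accepted publickey for alice from 192.0.2.99 port 50000 ssh2
"""

# sshd logs this when a client connects but never sends its SSH version banner.
NO_IDENT = re.compile(r"sshd\[\d+\]: Did not receive identification (?:string )?from (\S+)")
# Covers both "Failed password for root" and "Failed password for invalid user admin".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")


def summarize(log_text, per_ip_limit=5, min_sources=3):
    """Tally banner-less probes and failed logins; thresholds are assumed values."""
    probes = Counter()                  # source -> connections with no identification
    failures = Counter()                # source -> failed password attempts
    sources_by_user = defaultdict(set)  # account -> distinct sources that tried it
    for line in log_text.splitlines():
        m = NO_IDENT.search(line)
        if m:
            probes[m.group(1)] += 1
            continue
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            sources_by_user[user].add(src)
    return {
        "probes": dict(probes),
        # What a per-address limit (the usual blocking rule) would catch.
        "noisy_ips": sorted(ip for ip, n in failures.items() if n >= per_ip_limit),
        # Accounts tried from many addresses: the multi-host pattern that stays
        # under any per-address limit.
        "distributed_users": sorted(
            u for u, s in sources_by_user.items() if len(s) >= min_sources),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, no single address reaches the per-address limit, yet root is reported because three different addresses tried it.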