Date: Wed, 06 Apr 2005 17:57:33 +0200 From: Willem Jan Withagen <wjw@withagen.nl> To: Martin McCormick <martin@dc.cis.okstate.edu> Cc: freebsd-security@freebsd.org Subject: Re: What is this Very Stupid DOS Attack Script? Message-ID: <425406ED.5060400@withagen.nl> In-Reply-To: <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu> References: <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Martin McCormick wrote: > Apr 6 05:49:42 dc sshd[12422]: input_userauth_request: illegal > user chuck > > You get the idea. This goes on for 3 or 4 minutes and then > just stops for now. I can almost promise that later, another attack > will start from some other IP address and blaze away for a few > minutes. I asked the same question a while ago. Seems that there are some linux type worms out there, that use this to target not well protected linux systems.??? I've build some swatch-rules that after two of these hits, I dump the host into ifpw-deny space. --WjW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?425406ED.5060400>