Date: Tue, 01 Dec 2009 11:28:06 -0800 From: Chuck Swiger <cswiger@mac.com> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org Subject: Re: Increase in SSH attacks as of announcement of rtld bug Message-ID: <2C416146-FE6E-42EC-8FA5-434027BF38EE@mac.com> In-Reply-To: <200912011909.nB1J9JRM070879@lava.sentex.ca> References: <200912010120.nB11Kjm9087476@freefall.freebsd.org> <200912010522.WAA03022@lariat.net> <200912011724.KAA10851@lariat.net> <200912011909.nB1J9JRM070879@lava.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi-- On Dec 1, 2009, at 11:09 AM, Mike Tancsa wrote: > http://isc.sans.org/trends.html > and > http://isc.sans.org/port.html > > Do not seem to show any increase. I've checked, and the volume of attempts over the past few days seems pretty constant, although there was actually a decrease around Nov 26-29 corresponding to US Thanksgiving holiday. :-) I do use denyhosts with ~4000 IPs known to be actively scanning SSH blocked. I do note an increasing number of malicious scans using "Client: libssh-0.1" string instead of legit connects with "Client: OpenSSH_5.2" or similar.... Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2C416146-FE6E-42EC-8FA5-434027BF38EE>