From owner-freebsd-security@FreeBSD.ORG  Tue Dec  1 22:41:33 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5DC621065672
	for <freebsd-security@FreeBSD.org>;
	Tue,  1 Dec 2009 22:41:33 +0000 (UTC) (envelope-from gad@FreeBSD.org)
Received: from smtp6.server.rpi.edu (smtp6.server.rpi.edu [128.113.2.226])
	by mx1.freebsd.org (Postfix) with ESMTP id D909D8FC17
	for <freebsd-security@FreeBSD.org>;
	Tue,  1 Dec 2009 22:41:32 +0000 (UTC)
Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47])
	by smtp6.server.rpi.edu (8.13.1/8.13.1) with ESMTP id nB1LZKQi030848;
	Tue, 1 Dec 2009 16:35:22 -0500
Mime-Version: 1.0
Message-Id: <p06240800c73b398cfb8f@[128.113.24.47]>
In-Reply-To: <200912011724.KAA10851@lariat.net>
References: <200912010120.nB11Kjm9087476@freefall.freebsd.org>
	<200912010522.WAA03022@lariat.net> <200912011724.KAA10851@lariat.net>
Date: Tue, 1 Dec 2009 16:35:19 -0500
To: Brett Glass <brett@lariat.org>, freebsd-security@FreeBSD.org
From: Garance A Drosehn <gad@FreeBSD.org>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-Bayes-Prob: 0.0001 (Score 0)
X-RPI-SA-Score: 0.10 () [Hold at 20.00] COMBINED_FROM,23120(0)
X-CanItPRO-Stream: outgoing
X-Canit-Stats-ID: Bayes signature not available
X-Scanned-By: CanIt (www . roaringpenguin . com) on 128.113.2.226
Cc: 
Subject: Re: Increase in SSH attacks as of announcement of rtld bug
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2009 22:41:33 -0000

At 10:23 AM -0700 12/1/09, Brett Glass wrote:
>Everyone:
>
>I don't know if it's a coincidence, but I doubt it is: Since the
>announcement of the rtld bug, we've seen a precipitous increase
>in the number of SSH password guessing attacks on our systems.

I have seen an increase in attacks on some of our systems here at
RPI (the ones I care about are mostly solaris).  I noticed it
Sunday night, and assumed it was due to the long weekend.  My
guess was that they expected to have more time to guess passwords
before anyone would notice.

While I saw a definite increase, it was not enough of an increase
to be alarming.  Our current automated procedures can handle it.

-- 
Garance Alistair Drosehn     =               drosehn@rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA