Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 01 Dec 2009 20:51:23 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        Brett Glass <brett@lariat.org>, freebsd-security@freebsd.org
Subject:   Re: Increase in SSH attacks as of announcement of rtld bug
Message-ID:  <200912020150.nB21ossm072930@lava.sentex.ca>
In-Reply-To: <200912020145.SAA17523@lariat.net>
References:  <200912010120.nB11Kjm9087476@freefall.freebsd.org> <200912010522.WAA03022@lariat.net> <200912011724.KAA10851@lariat.net> <200912011909.nB1J9JRM070879@lava.sentex.ca> <200912020145.SAA17523@lariat.net>

next in thread | previous in thread | raw e-mail | index | archive | help
At 08:44 PM 12/1/2009, Brett Glass wrote:
>At 12:09 PM 12/1/2009, Mike Tancsa wrote:
>
>>http://isc.sans.org/trends.html
>>and
>>http://isc.sans.org/port.html
>>
>>Do not seem to show any increase.
>
>Do those stats account for the fact that the attackers may first be 
>fingerprinting servers to see if they're running FreeBSD?

No idea. But looking at the logs of various hosts targeted by 
distributed scanners that hit my network, they dont seem to be that 
intelligent. There is no reason it couldnt be done, but I havent seen 
it yet here anyways.

         ---Mike


>--Brett

--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912020150.nB21ossm072930>