From owner-freebsd-security@FreeBSD.ORG  Wed Dec  2 01:50:56 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7D7841065694
	for <freebsd-security@freebsd.org>;
	Wed,  2 Dec 2009 01:50:56 +0000 (UTC) (envelope-from mike@sentex.net)
Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18])
	by mx1.freebsd.org (Postfix) with ESMTP id 34A208FC2B
	for <freebsd-security@freebsd.org>;
	Wed,  2 Dec 2009 01:50:55 +0000 (UTC)
Received: from mdt-xp.sentex.net (simeon.sentex.ca [192.168.43.27])
	by lava.sentex.ca (8.14.3/8.14.3) with ESMTP id nB21ossm072930;
	Tue, 1 Dec 2009 20:50:54 -0500 (EST) (envelope-from mike@sentex.net)
Message-Id: <200912020150.nB21ossm072930@lava.sentex.ca>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Tue, 01 Dec 2009 20:51:23 -0500
To: Brett Glass <brett@lariat.org>, freebsd-security@freebsd.org
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <200912020145.SAA17523@lariat.net>
References: <200912010120.nB11Kjm9087476@freefall.freebsd.org>
	<200912010522.WAA03022@lariat.net>
	<200912011724.KAA10851@lariat.net>
	<200912011909.nB1J9JRM070879@lava.sentex.ca>
	<200912020145.SAA17523@lariat.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: 
Subject: Re: Increase in SSH attacks as of announcement of rtld bug
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2009 01:50:56 -0000

At 08:44 PM 12/1/2009, Brett Glass wrote:
>At 12:09 PM 12/1/2009, Mike Tancsa wrote:
>
>>http://isc.sans.org/trends.html
>>and
>>http://isc.sans.org/port.html
>>
>>Do not seem to show any increase.
>
>Do those stats account for the fact that the attackers may first be 
>fingerprinting servers to see if they're running FreeBSD?

No idea. But looking at the logs of various hosts targeted by 
distributed scanners that hit my network, they dont seem to be that 
intelligent. There is no reason it couldnt be done, but I havent seen 
it yet here anyways.

         ---Mike


>--Brett

--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike