[CLUE-Tech] Brute force attack from host 208.188.115.21
Adam Bultman
adamb at glaven.org
Wed Aug 4 14:34:25 MDT 2004
This morning, I tended to my logs like normal to find that the above
host has been attempting to bruce force passwords on my network.
Another sysadmin I know, in a similar IP space, has also noticed the
same exact attacks on his system.
Of the three servers I have with SSH access from the Internet, he's
tried each one a bit over 2800 times yesterday.
The source of the attacks is a linux box on an ISP based in Missouri
(MO) which isn't responding to my requests to shut down the box .
My question to you: Since you are all in Denver, (where my machines
are), have you been noticing the same attacks on your system? I'm not
saying the SSH scans in general, but rather, the dedicated act of
attempting to test passwords for the root account.
Adam
More information about the clue-tech
mailing list