[CLUE-Tech] Brute force attack from host 208.188.115.21
Glen Newell
skipworthy at realivetech.com
Thu Aug 5 08:07:26 MDT 2004
Sans has been tracking reports of SSH- brute force attacks...they are
trying to find what tool/script is out there that's being circulated.
You ought to send them your logs and stuff, it might help. It sounds to
me like most of those attacks were coming from eastern europe, but that
was late last week...
Glen
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At 04:55 PM 8/4/2004 -0400, Angelo Bertolli wrote:
>
>
> >>Nope. However, SSH access to my servers is regulated at my
firewalls to
> >>SMALL, specific IP
> >>ranges. I see no value in allowing "the whole internet" access to
my
> >>logon services (I open
> >>strictly-controlled IP ranges for each client that I host for). :)
> >>
> >I guess no one better travel then.
> >
>
> I'm getting attempts at test and guest from 211.138.142.26 That is
in AU
> space.
>
>
>
> - --
> coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
> Lamport's Law: "A distributed system is one in which the failure of a
> computer you didn't even know existed can render your own computer
unusable."
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
> Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM
>
> iQA/AwUBQRIOtbiLNnC0cMkdEQL7BACfdnCvJ06gTb3VmVkgP5Wj2DgSmpMAn2C7
> crXKogQIJ6YRAmAmMer+yT3F
> =z4bx
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options:
http://clue.denver.co.us/mailman/listinfo/clue-tech
>
>
--
More information about the clue-tech
mailing list