[CLUE-Tech] Brute force attack from host 208.188.115.21
Charles Oriez
coriez at oriez.org
Thu Aug 5 09:41:51 MDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 09:07 AM 8/5/2004 -0500, Glen Newell wrote:
>Sans has been tracking reports of SSH- brute force attacks...they are
>trying to find what tool/script is out there that's being circulated.
>You ought to send them your logs and stuff, it might help. It sounds to
>me like most of those attacks were coming from eastern europe, but that
>was late last week...
> > I'm getting attempts at test and guest from 211.138.142.26 That is
>in AU
> > space.
> >
Upon further review of the play called on the field, I don't think mine
qualifies as brute force. I think they were checking first to see if the
account even existed, which it doesn't, and moved on when their attempt
told them that. the hits weren't multiple.
- --
coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
"99% of lawyers give the rest of them a bad name."
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM
iQA/AwUBQRJVP7iLNnC0cMkdEQKi3wCdFohL+NUpYGwD5w+Zw/cGocyk3SIAnRSH
x6z+SN2ZAO1jhuNp/wBjcLkJ
=dnQ7
-----END PGP SIGNATURE-----
More information about the clue-tech
mailing list