lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 21 Oct 2007 21:20:38 -0600
From: James Lay <jlay@...ve-tothe-box.net>
To: Full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Spike in SSH scans

Anyone else seeing these?  Started about 3 hours ago..hereĀ¹s a snipit:

21:19:09 192.168.0.3 snort[577]: [1:2006435:3] BLEEDING-EDGE SCAN LibSSH
Based SSH Connection - Often used as a BruteForce Tool [Classification: Misc
activity] [Priority: 3]: {TCP} 203.173.40.167:21823 -> 192.168.0.2:22

And a current list of hits in the last 3 hours:

124.39.168.43
129.13.250.46
145.253.128.85
148.245.157.217
149.99.20.238
161.106.180.173
193.158.0.195
194.25.114.106
195.113.185.38
195.138.155.54
195.228.238.186
195.56.72.157
195.73.54.73
200.126.111.38
200.62.177.91
200.79.37.194
201.16.17.246
201.216.245.25
201.245.109.170
211.139.69.28
212.101.30.8
212.202.248.130
212.248.23.6
213.136.105.130
213.156.69.126
213.186.47.65
213.255.77.62
213.35.211.206
213.66.184.110
213.84.74.76
216.193.233.168
217.110.171.150
217.113.71.130
217.151.68.244
217.156.103.234
217.160.19.157
217.71.214.191
218.207.69.8
218.249.108.166
60.12.130.117
62.105.180.178
62.112.158.141
62.218.215.134
62.65.142.213
62.76.246.253
64.81.228.200
66.236.209.227
67.118.242.129
67.132.173.150
70.107.224.252
70.151.62.113
72.248.139.227
77.104.241.141
80.200.249.230
80.201.241.44
80.33.222.48
80.51.139.82
80.55.142.66
81.180.88.6
81.68.198.23
81.75.124.51
82.103.102.12
82.141.44.153
82.239.231.89
83.15.246.226
83.151.18.189
83.19.34.46
83.227.183.88
83.236.170.54
83.246.96.38
83.246.96.54
83.65.141.94
85.114.130.199
85.120.129.130
85.17.10.106
85.214.54.182
85.48.224.186
87.127.193.225
88.32.56.1
89.110.147.183
89.171.12.78
91.192.189.19

James

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ