lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <100451.1276784115@localhost>
Date: Thu, 17 Jun 2010 10:15:15 -0400
From: Valdis.Kletnieks@...edu
To: Gary Baribault <gary@...ibault.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: targetted SSH bruteforce attacks

On Thu, 17 Jun 2010 07:48:18 EDT, Gary Baribault said:

>     Both of these systems are within one /21 and get attacked
> regularly. I run Denyhosts on them, and update the central server once
> an hour with attacking IPs, and obviously also download the public
> hosts.deny list.
> 
>     These machines get hit regularly, so often that I don't really
> care, it's fun to make the script kiddies waste their time! But in
> this instance, only my home box is being attacked... someone is
> burning a lot of cycles and hosts to do a distributed dictionary
> attack on my one box!

One of two things springs to mind:

1) when they scanned your address space looking for SSH hosts to try to
whack, your one host didn't report as a target for some random reason.

2) they're handling their list of targets in a pseudo-random order.  We've
seen attacking IPs pound on 2 or 3 hosts in our /16 for a few days, then go
away, and 2-3 weeks later return to pound on other targets.

Bottom line: Either they didn't notice your other box, or they'll get around
to poking it in a few weeks...


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ