I'm seeing traces of a massive and coord ... / 2008-11-26

I'm seeing traces of a massive and coordinated ssh dictionary attack. Talking on IRC and checking Usenet about it shows the same names being tried at the same time in the US, England and Japan, and mentioned IPs also showing up at other times on hosts. For example, from two hosts with adjacent IPs:

Nov 26 14:52:16 idefix sshd[63866]: Illegal user cleopatra from 85.207.120.188
Nov 26 14:52:16 idefix sshd[63866]: Failed unknown for illegal user cleopatra from 85.207.120.188 port 55938 ssh2

Nov 26 14:52:16 web-3 sshd[63867]: Illegal user cleopatra from 85.207.120.188
Nov 26 14:52:16 web-3 sshd[63867]: Failed unknown for illegal user cleopatra from 85.207.120.188 port 55939 ssh2

One funky botnet at work? Trying to find unix boxes for mischief?

A web search yields more mention of the IP above at "What is with the script kiddies tonight??".
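
The correlation described in the post (the same username from the same source address hitting several hosts at the same moment) can be checked automatically across collected logs. The following is an added example, not code from the original post; the function names, the 60-second window, the `min_hosts` threshold and the assumed log year are all illustrative assumptions, and the sample lines beyond the four quoted above are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# "Illegal user" line format as quoted in the post (older OpenSSH wording).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Illegal user (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)$"
)

# First four lines are from the post; the last three are constructed samples.
SAMPLE = [
    "Nov 26 14:52:16 idefix sshd[63866]: Illegal user cleopatra from 85.207.120.188",
    "Nov 26 14:52:16 idefix sshd[63866]: Failed unknown for illegal user cleopatra from 85.207.120.188 port 55938 ssh2",
    "Nov 26 14:52:16 web-3 sshd[63867]: Illegal user cleopatra from 85.207.120.188",
    "Nov 26 14:52:16 web-3 sshd[63867]: Failed unknown for illegal user cleopatra from 85.207.120.188 port 55939 ssh2",
    "Nov 26 14:53:02 idefix sshd[63870]: Illegal user admin from 192.0.2.10",
    "Nov 26 14:55:00 web-3 sshd[63880]: Illegal user test from 198.51.100.7",
    "Nov 26 15:55:00 idefix sshd[63990]: Illegal user test from 198.51.100.7",
]

def parse(lines, year=2008):
    """Yield (timestamp, host, user, ip) per 'Illegal user' line.
    Syslog omits the year, so it is supplied by the caller (assumption)."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["user"], m["ip"]

def correlated_attempts(lines, window=timedelta(seconds=60), min_hosts=2):
    """Return {(ip, user): [hosts]} where one source tried the same username
    on at least min_hosts distinct hosts within the time window."""
    seen = defaultdict(list)
    for ts, host, user, ip in parse(lines):
        seen[(ip, user)].append((ts, host))
    hits = {}
    for key, events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                hits[key] = sorted(set(hits.get(key, [])) | hosts)
    return hits

if __name__ == "__main__":
    for (ip, user), hosts in correlated_attempts(SAMPLE).items():
        print(f"{ip} tried '{user}' on {', '.join(hosts)} within the window")
```

The matching "Failed unknown for illegal user" lines are deliberately not counted, so each attempt is seen once per host.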



Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4.