Interesting patterns in the security log ... / 2010-08-10

Interesting patterns in the security logs again:
Aug 10 00:19:42 greenblatt sshd[22045]: Bad protocol version identification '\200b\001\003\001' from 207.70.60.20
Aug 10 00:19:43 greenblatt sshd[22071]: Bad protocol version identification '\200b\001\003\001' from 209.19.175.124
Aug 10 00:19:44 greenblatt sshd[22072]: Bad protocol version identification '\200b\001\003\001' from 207.70.47.249
Aug 10 00:19:45 greenblatt sshd[22073]: Bad protocol version identification '\200b\001\003\001' from 207.70.41.212
Aug 10 00:19:45 greenblatt sshd[22074]: Bad protocol version identification '\200b\001\003\001' from 207.70.39.65
Aug 10 00:19:46 greenblatt sshd[22075]: Bad protocol version identification '\200b\001\003\001' from 69.5.238.171
Aug 10 00:19:47 greenblatt sshd[22076]: Bad protocol version identification '\200b\001\003\001' from 206.206.50.92
Aug 10 00:19:48 greenblatt sshd[22078]: Bad protocol version identification '\200b\001\003\001' from 207.70.3.141
Notice the timing. Makes me wonder what is going on.
Update: On Twitter by @xs4cso:
Major rise in SSH brute force attacks and complaints overnight. Weak passwords to blame.
Update: Whois gives an interesting link between most of those IPs: they are all (but one) in network space owned by solution pro web hosting.
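The pattern in the log excerpt above (one identical bad banner from many addresses within seconds) can be picked out of an sshd log automatically; the following is an added example, not part of the original post. Assumptions: the sample lines are constructed with documentation addresses and a hypothetical host name, the year is taken from the post date, grouping by /24 is a rough stand-in for the whois lookup, and the SSLv2-layout check is this example's own reading of the logged bytes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample in the format of the log lines quoted above.
SAMPLE = r"""
Aug 10 00:19:42 host sshd[101]: Bad protocol version identification '\200b\001\003\001' from 198.51.100.20
Aug 10 00:19:43 host sshd[102]: Bad protocol version identification '\200b\001\003\001' from 198.51.100.124
Aug 10 00:19:44 host sshd[103]: Bad protocol version identification '\200b\001\003\001' from 203.0.113.9
Aug 10 03:02:10 host sshd[104]: Bad protocol version identification 'GET / HTTP/1.0' from 192.0.2.7
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"Bad protocol version identification '(.*)' from (\S+)$")

def decode_vis(s):
    """Undo the \\ooo octal escapes sshd applies to non-printable bytes."""
    return re.sub(rb"\\([0-7]{3})", lambda m: bytes([int(m.group(1), 8)]),
                  s.encode("latin-1"))

def looks_like_sslv2_hello(b):
    # SSLv2-format record: length high bit set, type 1 (ClientHello), major version 3.
    return bool(len(b) >= 5 and b[0] & 0x80 and b[2] == 1 and b[3] == 3)

def bursts(text, window=timedelta(seconds=10), min_sources=3, year=2010):
    """Report banners sent by >= min_sources addresses with gaps <= window."""
    by_banner = defaultdict(list)
    for line in text.strip().splitlines():
        m = LINE.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            by_banner[decode_vis(m.group(2))].append((ts, m.group(3)))
    out = []
    for banner, hits in by_banner.items():
        hits.sort()
        run = [hits[0]]
        for h in hits[1:] + [None]:  # None flushes the final run
            if h and h[0] - run[-1][0] <= window:
                run.append(h)
                continue
            ips = sorted({ip for _, ip in run})
            if len(ips) >= min_sources:
                nets = sorted({str(ip_network(ip + "/24", strict=False)) for ip in ips})
                out.append({"banner": banner, "sources": ips, "nets": nets,
                            "tls_like": looks_like_sslv2_hello(banner)})
            run = [h] if h else []
    return out
```

On the constructed sample, `bursts(SAMPLE)` returns a single burst for the five-byte banner and ignores the lone HTTP probe hours later.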

Koos van den Hout, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4.