Interesting patterns in the security log ... / 2010-08-10

Interesting patterns in the security logs again:
Aug 10 00:19:42 greenblatt sshd[22045]: Bad protocol version identification '\200b\001\003\001' from 207.70.60.20
Aug 10 00:19:43 greenblatt sshd[22071]: Bad protocol version identification '\200b\001\003\001' from 209.19.175.124
Aug 10 00:19:44 greenblatt sshd[22072]: Bad protocol version identification '\200b\001\003\001' from 207.70.47.249
Aug 10 00:19:45 greenblatt sshd[22073]: Bad protocol version identification '\200b\001\003\001' from 207.70.41.212
Aug 10 00:19:45 greenblatt sshd[22074]: Bad protocol version identification '\200b\001\003\001' from 207.70.39.65
Aug 10 00:19:46 greenblatt sshd[22075]: Bad protocol version identification '\200b\001\003\001' from 69.5.238.171
Aug 10 00:19:47 greenblatt sshd[22076]: Bad protocol version identification '\200b\001\003\001' from 206.206.50.92
Aug 10 00:19:48 greenblatt sshd[22078]: Bad protocol version identification '\200b\001\003\001' from 207.70.3.141
Notice the timing. Makes me wonder what is going on.
Update: On Twitter by @xs4cso:
"Major rise in SSH brute force attacks and complaints overnight. Weak passwords to blame."
Update: Whois gives an interesting link between most of those IPs: they are all (but one) in network space owned by solution pro web hosting.
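An added example, not part of the original post: it parses the quoted log lines, undoes sshd's octal escaping of the rejected banner, and flags any payload that arrives from several distinct addresses within a short window. The 10-second window, the 3-source threshold and the check that the bytes are shaped like an SSL 2.0-format ClientHello header are assumptions of this example, not claims from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG = r"""
Aug 10 00:19:42 greenblatt sshd[22045]: Bad protocol version identification '\200b\001\003\001' from 207.70.60.20
Aug 10 00:19:43 greenblatt sshd[22071]: Bad protocol version identification '\200b\001\003\001' from 209.19.175.124
Aug 10 00:19:44 greenblatt sshd[22072]: Bad protocol version identification '\200b\001\003\001' from 207.70.47.249
Aug 10 00:19:45 greenblatt sshd[22073]: Bad protocol version identification '\200b\001\003\001' from 207.70.41.212
Aug 10 00:19:45 greenblatt sshd[22074]: Bad protocol version identification '\200b\001\003\001' from 207.70.39.65
Aug 10 00:19:46 greenblatt sshd[22075]: Bad protocol version identification '\200b\001\003\001' from 69.5.238.171
Aug 10 00:19:47 greenblatt sshd[22076]: Bad protocol version identification '\200b\001\003\001' from 206.206.50.92
Aug 10 00:19:48 greenblatt sshd[22078]: Bad protocol version identification '\200b\001\003\001' from 207.70.3.141
"""  # the eight lines quoted in the post

LINE = re.compile(r"(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"Bad protocol version identification '(.*)' from (\S+)$")

def unescape(s):
    # Undo the \ooo octal escapes sshd applied to unprintable bytes.
    return re.sub(rb"\\([0-7]{3})", lambda m: bytes([int(m[1], 8)]), s.encode("latin-1"))

def parse(text, year=2010):  # syslog omits the year; 2010 is the post's date
    for line in text.splitlines():
        if m := LINE.match(line.strip()):
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            yield ts, unescape(m[2]), m[3]

def looks_like_sslv2_hello(raw):
    # 2-byte length with high bit set, message type 1 (ClientHello), major version 3
    return len(raw) >= 5 and bool(raw[0] & 0x80) and raw[2] == 1 and raw[3] == 3

def coordinated(events, window=timedelta(seconds=10), min_sources=3):
    """Map each payload to the source IPs that sent it, for payloads seen from
    at least min_sources distinct addresses inside one time window."""
    by_payload = defaultdict(list)
    for ts, raw, ip in events:
        by_payload[raw].append((ts, ip))
    hits = defaultdict(set)
    for raw, seen in by_payload.items():
        for start, _ in seen:
            ips = {ip for ts, ip in seen if timedelta(0) <= ts - start <= window}
            if len(ips) >= min_sources:
                hits[raw] |= ips
    return {raw: sorted(ips) for raw, ips in hits.items()}

if __name__ == "__main__":
    for raw, ips in coordinated(parse(LOG)).items():
        print(raw.hex(), "sslv2-hello" if looks_like_sslv2_hello(raw) else "other", ips)
```

A literal backslash in a banner is not handled by `unescape`; only the three-digit octal form seen in these lines is decoded.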
