[NCLUG] Distributed attack
grant at amadensor.com
grant at amadensor.com
Thu Oct 1 12:32:19 MDT 2009
I am seeing a distributed attack, with hundreds of SSH requests per
minute, each trying to log on as root with a different password (it's OK,
I killed the root password in /etc/shadow).
Each is unique, and each is from a different IP address. I wonder if it
is a bot net. Has anyone else been seeing this kind of stuff? It is
really only in the last few days that it has been happening.
The attacks from coming from Windows boxes, a lot of them on dial up, and
mostly in Russia and China, but with a few sprinkled about the globe.
More information about the NCLUG
mailing list