Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SSH probe attack afoot?

from [Jeffrey Goldberg] Network Security [Permanent Link]
Subject: Re: SSH probe attack afoot?
Date: Fri, 11 Feb 2005 20:37:22 -0800 
On Feb 6, 2005, at 7:09 AM, Bernie Cosell wrote:

We're now getting hammered with the third round of ssh probes in the last
four days [one from CA, one from Brazil and one from Virginia]. I was
wondering: is there some virus or the like floating around now that
leaves an ssh-hammering zombie in its wake? Or is it just coincidental
that we have gotten three floods?

I fear that some hosts I'm responsible for are (they almost certainly were) such zombies. chkrootkit didn't turn up anything. Is there something (in addition to anomolous ssh traffic) that I should be looking for.

But they don't seem to hammer much. They seem to do their stuff in infrequent bursts, so I don't know which machines I've cleaned, which are reinfected and which have been compromised and have gone unnoticed. Advice on eradication would be welcome.

You'll be glad to know that I've been trying to carefully monitor outgoing ssh traffic so as not to a (further) nuisance to the rest of the net.

With apologies,

-j

--
Jeffrey Goldberg                        http://www.goldmark.org/jeff/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Chinese HTTP ACKs, Kelsey Dawes
Next by Date:  Re: SSH probe attack afoot?, Stephen J. Smoogen
Previous by Thread:  Re: SSH probe attack afoot?, j lake
Next by Thread:  Re: SSH probe attack afoot?, Stephen J. Smoogen
Indexes:  [Date] [Thread] [Top] [All Lists]