To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
Normally, I wouldn't bother with this since SSH brute force attempts are so yesterday; however, I found this a bit odd. I manage somewhere in the vicinity of about 50-60 VoIP servers, 20-30 http/mail/etc servers and have created a sort of "Distributed IDS" against brute force attempts. All machines report to one syslog server, and that syslog server generates unique addresses that have attacked that machine and stores them in a file. That file is then uploaded to every single machine I manage under the guise that, if someone attacked one machine, I don't want that connection touching any.
Anyhow, I noticed one particular machine being attacked by seven addresses in the vicinity of about an hour. One machine! It does nothing but register SIP accounts. Nothing more, nothing less. The machine was hardened so I'm not worried about someone getting into it. What I'm curious about is whether or not anyone has noticed an increase in SSH brute force attempts this weekend?
217.173.42.144 (42-144.vivanet.hu)
203.64.237.10 (elearning.fec.edu.tw)
87.248.185.156 (87-248-185-156.starnet.md)
200.5.116.58 (servidor.energiasanjuan.com.ar)
65.111.170.42 (42-170-111-65.serverpronto.com)
220.130.193.125 (220-130-193-125.HINET-IP.hinet.net)
200.31.6.148 (sc-core2.impsat.net.ec)

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net
http://www.infiltrated.net
The happiness of society is the end of government. John Adams
All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
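The aggregation described in the post (every machine logs to one syslog server, which derives the unique attacking addresses to push back out to all machines), as an added example that is not the poster's own code. The sshd log line format, hostnames, failure threshold and allowlisted management range are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed lines as a central syslog server might store them; hostnames are
# hypothetical and the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  2 01:10:01 voip01 sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2
Mar  2 01:10:03 voip01 sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Mar  2 01:10:05 voip01 sshd[412]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Mar  2 01:22:40 voip01 sshd[420]: Failed password for invalid user test from 198.51.100.7 port 5100 ssh2
Mar  2 01:22:41 voip01 sshd[420]: Failed password for invalid user test from 198.51.100.7 port 5101 ssh2
Mar  2 01:25:09 web03 sshd[77]: Failed password for root from 198.51.100.7 port 5230 ssh2
Mar  2 01:30:00 mail02 sshd[99]: Failed password for jdoe from 203.0.113.5 port 6000 ssh2
Mar  2 01:31:00 mail02 sshd[99]: Accepted password for jdoe from 203.0.113.5 port 6001 ssh2
Mar  2 01:40:00 web03 sshd[80]: Failed password for root from 203.0.113.99 port 7000 ssh2
Mar  2 01:40:02 web03 sshd[80]: Failed password for root from 203.0.113.99 port 7001 ssh2
Mar  2 01:40:04 web03 sshd[80]: Failed password for root from 203.0.113.99 port 7002 ssh2
"""

# Greedy ".*" makes the last "from <addr> port <n>" win, so a crafted username
# containing " from 10.0.0.1 port 1" cannot plant an address in the blocklist.
FAILED = re.compile(r"^\S+\s+\d+\s+\S+\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
                    r"Failed password for .* from (?P<src>\S+) port \d+ ssh2$")

def collect_failures(log_text):
    """Map each attacking address to a Counter of {reporting_host: failures}."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m is None:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # not a literal address; never block on unparsed text
        seen[src][m.group("host")] += 1
    return seen

def build_blocklist(seen, threshold=3, allowlist=()):
    """Addresses with >= threshold failures across ALL hosts, minus allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    hits = [src for src, hosts in seen.items()
            if sum(hosts.values()) >= threshold
            and not any(src in net for net in allowed)]
    return [str(a) for a in sorted(hits, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":  # 203.0.113.96/27 stands in for a management range
    print(build_blocklist(collect_failures(SAMPLE_LOG), allowlist=["203.0.113.96/27"]))
```

Counting failures across all reporting hosts is what lets 198.51.100.7 reach the threshold even though no single machine saw three attempts from it; the allowlist keeps a mistyped password from an operator's own range out of the distributed file.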
