[EMAIL PROTECTED] said: > On Tue, 17 May 2005, Dennis Peterson wrote: > >> > We've seen a huge number of increased failed ssh logins, however, I >> can't >> > exactly corrolate it with anything specific. They appear to be >> zombies >> > scanning for known default passwords. >> >> The kickoff date here was May 4. Nothing in the logs prior and then 24/7 >> solid, so I thought I'd ask around and see what others are experiencing. >> Thanks, Eric. >> >> dp > > Here's a graph for May to date. Not sure what happened on the 5th -- > aparently everyone was out drinking for cinco de mayo. My ~/t.t holds all > the sshd entries for 2 logrotates back (zgrep++). Do you see much of a > trend? The 4th is huge, but so are a few other days. > > -Eric >
Tracks well with mine, Eric - can you provide the IP list from the 4th? Offline, of course so big sig guy doesn't get his speedos in a bunch. Thanks! dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
