"Darryl Barlow" <[EMAIL PROTECTED]> writes:
[...]
> The server had ssh access enabled via password entry and fell victim
> to a brute force password attack.
[...]
> I still do not know how the attacker located the machine. I presume
> it was probably through a port scan which may have taken place some
> time before.

The most likely case is that they found the machine by brute force as
well; a fair proportion of hostile modern software simply picks random
IP addresses and attacks them in the hope that there is something
vulnerable.

This has the benefit, for the attacker, of turning up things that don't
get advertised, and of having a very low cost to identify targets --
especially when the economies of scale result in your large network
being able to "randomly" scan more and more of the overall network.

Regards,
Daniel

Sadly, the hackers these days just don't care any more. Nothing
personal about it, most of the time.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html