[nycbug-talk] new bruteforcing. . .
spork at bway.net
Mon Oct 22 15:30:45 EDT 2007
On Mon, 22 Oct 2007, George Rosamond wrote:
> I noticed this happening to some of our boxes last night while tailing
> some logs:
> Anyone else notice this going on?
I saw more in my logs on the few boxes open to the world, but pf is nuking
them nicely after a few tries (and we don't allow non-key logins anyhow).
One mystery though with the old scanner bots that I never figured out was
what is the deal with "fluffy"??
Oct 12 07:57:18 miko sshd: Invalid user fluffy from 184.108.40.206
Oct 16 08:01:32 miko sshd: Invalid user fluffy from 220.127.116.11
I understand "root", "admin", "staff", etc. But fluffy??
> It's not really groundbreaking, but the fact that it's in a distributed
> model is somewhat new for ssh and mysql bruteforce zombies.
> Nmaps for OSs are sketchy of course, but seems like mostly Linux boxes.
> . . which is somewhat groundbreaking.
> talk mailing list
> talk at lists.nycbug.org
> We meet the first Wednesday of the month
> Be sure to join our Announce list at http://lists.nycbug.org
More information about the talk