[nycbug-talk] new bruteforcing. . .
Michael Hernandez
mhernandez at techally.com
Mon Oct 22 14:34:19 EDT 2007
On Oct 22, 2007, at 2:12 PM, George Rosamond wrote:
> I noticed this happening to some of our boxes last night while tailing
> some logs:
>
> http://isc.sans.org/diary.html?storyid=3529
>
> Anyone else notice this going on?
>
> It's not really groundbreaking, but the fact that it's in a
> distributed
> model is somewhat new for ssh and mysql bruteforce zombies.
>
> Nmaps for OSs are sketchy of course, but seems like mostly Linux
> boxes.
> . . which is somewhat groundbreaking.
>
> George
>
Funny you should post this - I was just looking into some brute force
attacks on one of our servers here - did some geobytyes searching and
it looks like a lot are coming from brazil and argentina as well as
germany and hong kong... All of the offenders (according to nmap
anyway) were "unix" machines. Sure are a lot of rooted *nix boxen out
there these days... all over the world apparently.
--Mike H
More information about the talk
mailing list