[nycbug-talk] new bruteforcing. . .

Michael Hernandez mhernandez at techally.com
Mon Oct 22 14:34:19 EDT 2007

On Oct 22, 2007, at 2:12 PM, George Rosamond wrote:

> I noticed this happening to some of our boxes last night while tailing
> some logs:
> http://isc.sans.org/diary.html?storyid=3529
> Anyone else notice this going on?
> It's not really groundbreaking, but the fact that it's in a  
> distributed
> model is somewhat new for ssh and mysql bruteforce zombies.
> Nmaps for OSs are sketchy of course, but seems like mostly Linux   
> boxes.
> . . which is somewhat groundbreaking.
> George

Funny you should post this - I was just looking into some brute force  
attacks on one of our servers here - did some geobytyes searching and  
it looks like a lot are coming from brazil and argentina as well as  
germany and hong kong...  All of the offenders (according to nmap  
anyway) were "unix" machines. Sure are a lot of rooted *nix boxen out  
there these days... all over the world apparently.

--Mike H

More information about the talk mailing list