[nycbug-talk] new bruteforcing. . .
Charles Sprickman
spork at bway.net
Mon Oct 22 15:30:45 EDT 2007
On Mon, 22 Oct 2007, George Rosamond wrote:
> I noticed this happening to some of our boxes last night while tailing
> some logs:
>
> http://isc.sans.org/diary.html?storyid=3529
>
> Anyone else notice this going on?

I saw more in my logs on the few boxes open to the world, but pf is nuking
them nicely after a few tries (and we don't allow non-key logins anyhow).

One mystery though with the old scanner bots that I never figured out was
what is the deal with "fluffy"??

Oct 12 07:57:18 miko sshd[99893]: Invalid user fluffy from 87.30.69.11
Oct 16 08:01:32 miko sshd[41118]: Invalid user fluffy from 121.162.217.27

I understand "root", "admin", "staff", etc. But fluffy??

Charles

> It's not really groundbreaking, but the fact that it's in a distributed
> model is somewhat new for ssh and mysql bruteforce zombies.
>
> Nmaps for OSs are sketchy of course, but seems like mostly Linux boxes.
> . . which is somewhat groundbreaking.
>
> George
>
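
Added example, not part of either post: a small log summarizer for the sshd "Invalid user" lines quoted above. It reports sources that cross a per-source attempt threshold (the kind of limit a firewall rule enforces) and usernames tried from several distinct sources, which is how a distributed run shows up when each source stays under that limit. The function names, thresholds and all log lines after the first two are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd syslog format quoted in the post. The first two
# lines come from the post; the rest are made up and use documentation addresses.
SAMPLE_LOG = """\
Oct 12 07:57:18 miko sshd[99893]: Invalid user fluffy from 87.30.69.11
Oct 16 08:01:32 miko sshd[41118]: Invalid user fluffy from 121.162.217.27
Oct 16 08:01:40 miko sshd[41120]: Invalid user admin from 192.0.2.10
Oct 16 08:01:41 miko sshd[41121]: Invalid user staff from 192.0.2.10
Oct 16 08:01:43 miko sshd[41122]: Invalid user test from 192.0.2.10
Oct 16 08:02:05 miko sshd[41130]: Invalid user admin from 198.51.100.7
Oct 16 08:03:00 miko sshd[41140]: Accepted publickey for spork from 203.0.113.5 port 50122 ssh2
"""

# Newer sshd versions append " port N"; accept both forms.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>\S+) from (?P<src>[0-9A-Fa-f:.]+)"
    r"(?: port \d+)?\s*$"
)

def parse_invalid_users(log_text):
    """Yield (user, source) for each 'Invalid user' line; ignore other lines."""
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m:
            yield m.group("user"), m.group("src")

def summarize(log_text, per_source_limit=3, min_sources=2):
    """Return (noisy_sources, distributed_users).

    noisy_sources: {source: attempts} for sources at or over per_source_limit.
    distributed_users: {user: [sources]} for names tried from min_sources or
    more distinct sources, regardless of how few attempts each source made.
    """
    by_source = defaultdict(int)
    by_user = defaultdict(set)
    for user, src in parse_invalid_users(log_text):
        by_source[src] += 1
        by_user[user].add(src)
    noisy = {s: n for s, n in by_source.items() if n >= per_source_limit}
    distributed = {u: sorted(s) for u, s in by_user.items() if len(s) >= min_sources}
    return noisy, distributed

if __name__ == "__main__":
    noisy, distributed = summarize(SAMPLE_LOG)
    print("per-source threshold hits:", noisy)
    print("usernames seen from several sources:", distributed)
```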