Hello Bogdan:
The attacks are quite simple. They are DDoS attacks, and brute force
attempts to sshd as root. The culprits appear to have interest mostly in
my Asterisk box... and though I had brute force attempts on other boxes,
the attacks there were relatively much lower (in the hundreds). Of course
non-dictionary passwords are IDEAL and that is what most of us likely use.
The next most common user id being used to access sshd is admin, followed
by common default users like mail, nobody, ftp, mysql, operator, rpm, uucp,
operator, adm, games, lp, tomcat, etc. What I have also observed is that
the attacker probably likes the Tom & Jerry cartoon show. He/She uses "tom"
and then "jerry" and repeats tom & jerry as possible user ids & random
passwords.
Oh boy! Some people's kids I tell ya!
Reza.
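As an added illustration, not part of Reza's or Bogdan's messages, here is the kind of log check a defender would run to pull the pattern Reza describes out of sshd's auth log: it parses "Failed password" lines, tallies failures per source address, records which user ids (root, admin, tom, jerry, ...) each address tried, and flags addresses over a threshold. The log lines, host name and IP addresses are constructed sample data.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd lines in syslog format; not real log data.
SAMPLE_AUTH_LOG = """\
Mar 28 15:58:01 pbx sshd[2211]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar 28 15:58:03 pbx sshd[2213]: Failed password for root from 198.51.100.7 port 40130 ssh2
Mar 28 15:58:05 pbx sshd[2215]: Failed password for invalid user admin from 198.51.100.7 port 40141 ssh2
Mar 28 15:58:07 pbx sshd[2217]: Failed password for invalid user tom from 198.51.100.7 port 40150 ssh2
Mar 28 15:58:09 pbx sshd[2219]: Failed password for invalid user jerry from 198.51.100.7 port 40158 ssh2
Mar 28 16:02:44 pbx sshd[2301]: Failed password for reza from 203.0.113.9 port 51022 ssh2
Mar 28 16:02:50 pbx sshd[2303]: Accepted publickey for reza from 203.0.113.9 port 51022 ssh2
"""

# Matches both "Failed password for root from ..." (existing account) and
# "Failed password for invalid user tom from ..." (account does not exist).
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text):
    """Yield (user, ip) for every failed sshd password attempt in log_text."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def summarize(log_text, threshold=3):
    """Return (failures per IP, user ids tried per IP, IPs at or over threshold)."""
    per_ip = Counter()
    users_by_ip = defaultdict(set)
    for user, ip in parse_failures(log_text):
        per_ip[ip] += 1
        users_by_ip[ip].add(user)
    offenders = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return per_ip, users_by_ip, offenders


if __name__ == "__main__":
    counts, users, offenders = summarize(SAMPLE_AUTH_LOG)
    for ip in offenders:
        print(f"{ip}: {counts[ip]} failures, user ids tried: {sorted(users[ip])}")
```

The same count-and-threshold logic is what tools such as fail2ban apply to /var/log/auth.log (or /var/log/secure) before adding a firewall rule for the source address; a single failure from a known user, as on 203.0.113.9 above, stays below the threshold and is not flagged.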
----- Original Message -----
From: "Bogdan A. MARINESCU" <[EMAIL PROTECTED]>
To: "Reza - Asterisk Enthusiast" <[EMAIL PROTECTED]>
Sent: Tuesday, March 28, 2006 4:00 PM
Subject: Re: [on-asterisk] Attacks - DDoS on Asterisk Server
Greetings Reza,
I have quite a bit of background in networking/linux security/etc - can
you tell me in some details what exactly were they trying to do? Or.. send
me a few lines of those attack logs? I might be able to help with
linux-based firewall software..
Thanks..
Cordially,
Bogdan A. MARINESCU