To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
Normally, I wouldn't bother with this since SSH brute force attempts are
so yesterday; however, I found this a bit odd. I manage somewhere in the
vicinity of about 50-60 VoIP servers, 20-30 http/mail/etc servers and
have created a sort of "Distributed IDS" against brute force attempts.
All machines report to one syslog server, and that syslog server
generates unique addresses that have attacked that machine and stores it
in a file. That file is then uploaded to every single machine I manage
under the guise that - if someone attacked one machine, I don't want
that connection touching any.

Anyhow, I noticed one particular machine being attacked by seven
addresses in the vicinity of about an hour. One machine! It does nothing
but register SIP accounts. Nothing more, nothing less. The machine was
hardened so I'm not worried about someone getting into it; what I'm
curious about is whether or not anyone has noticed an increase of SSH
brute force attempts this weekend?

217.173.42.144 (42-144.vivanet.hu)
203.64.237.10 (elearning.fec.edu.tw)
87.248.185.156 (87-248-185-156.starnet.md)
200.5.116.58 (servidor.energiasanjuan.com.ar)
65.111.170.42 (42-170-111-65.serverpronto.com)
220.130.193.125 (220-130-193-125.HINET-IP.hinet.net)
200.31.6.148 (sc-core2.impsat.net.ec)
--
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
___
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
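
The aggregation step described in the message above (all machines log to one syslog server, which writes a shared file of attacking addresses), sketched as an added example that is not the poster's code. It assumes stock OpenSSH syslog lines; `build_blocklist`, the allowlisted management range, the `min_failures` threshold and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# OpenSSH failure lines as relayed to a central syslog file. The username is
# attacker-controlled text, so the greedy ".*" plus the "$" anchor make the
# match take the final " from <addr>" on the line, not one inside the username.
FAILED = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?:Failed password for (?:invalid user )?|Invalid user ).*"
    r"\sfrom\s(?P<ip>\S+)(?:\sport\s\d+(?:\sssh2)?)?$"
)

# Constructed sample lines (documentation address ranges, made-up hostnames).
SAMPLE_LOG = """\
Jan 14 03:12:01 sip01 sshd[2211]: Failed password for root from 192.0.2.10 port 4242 ssh2
Jan 14 03:12:09 mail02 sshd[911]: Failed password for invalid user admin from 192.0.2.10 port 4250 ssh2
Jan 14 03:12:30 mail02 sshd[915]: Invalid user test from 198.51.100.7
Jan 14 03:13:40 web03 sshd[120]: Accepted publickey for ops from 203.0.113.5 port 50122 ssh2
Jan 14 03:14:02 web03 sshd[131]: Failed password for ops from 203.0.113.5 port 50130 ssh2
Jan 14 03:15:11 sip01 sshd[2290]: Failed password for root from not-an-ip port 1 ssh2
Jan 14 03:16:20 web03 sshd[140]: Invalid user a from 198.51.100.200 from 192.0.2.44
"""

def build_blocklist(log_text, allow=("203.0.113.0/24",), min_failures=1):
    """Return {attacker_ip: [hosts it hit]} for the whole fleet's log."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    failures, targets = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a literal address; never write it to the block file
        if any(ip in net for net in allowed):
            continue  # management ranges must not lock the admins out
        failures[ip] += 1
        targets[ip].add(m.group("host"))
    ordered = sorted(failures, key=lambda a: (a.version, int(a)))
    return {str(a): sorted(targets[a]) for a in ordered
            if failures[a] >= min_failures}

if __name__ == "__main__":
    for addr, hosts in build_blocklist(SAMPLE_LOG).items():
        print(addr, ",".join(hosts))
```

The keys of the returned mapping are what would be pushed to every managed machine; the host lists show which machines each address touched.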