Re: Dictionary attacks prompted by NANOG postings?
On Jan 17, 2008 12:13 PM, Barry Shein [EMAIL PROTECTED] wrote:
> Once again shortly after posting a message to NANOG a fairly significant dictionary attack using Earthlink's mail servers fired up. The same thing happened around Nov 30th (I posted about it here.)

Post Hoc, Ergo Propter Hoc.

srs

Dictionary attacks prompted by NANOG postings?
Once again shortly after posting a message to NANOG a fairly significant dictionary attack using Earthlink's mail servers fired up. The same thing happened around Nov 30th (I posted about it here.)

Does this happen to anyone else posting here?

It's pretty clearly a lame attempt to intimidate by some loser.

Jan 17 01:29:16 pcls5 sendmail[6757]: NOUSER: ani5 relay=elasmtp-kukur.atl.sa.earthlink.net [209.86.89.65]
Jan 17 01:29:19 pcls5 sendmail[7761]: NOUSER: anita2 relay=elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64]
Jan 17 01:29:19 pcls5 sendmail[8036]: NOUSER: ando relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:22 pcls5 sendmail[8036]: NOUSER: ando1 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:25 pcls5 sendmail[8036]: NOUSER: ando2 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:28 pcls5 sendmail[8036]: NOUSER: ando3 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:31 pcls5 sendmail[8036]: NOUSER: ando4 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
...etc etc

-- 
        -Barry Shein

The World | [EMAIL PROTECTED] | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool Die| Public Access Internet | SINCE 1989 *oo*

Re: Dictionary attacks prompted by NANOG postings?
> Does this happen to anyone else posting here?

not that i have noticed. i do see massively ( 5x) more ssh dict attacks on the hosts i have in tokyo than those on other continents. but the sample size is too small to draw any serious conclusions. but i would guess there are folk who actually study this.

> It's pretty clearly a lame attempt to intimidate by some loser.

rofl. seems a pretty paranoid conclusion to which to leap. could just be a list address harvester for a bunch of lists.

i figure that, since my hosts don't even do password ssh, that having password guessers go after my hosts is my contribution to reducing the attacks on more vulnerable hosts.

randy