ISC just put up a diary on it that has a little bit more information for
anyone interested:
http://isc.sans.org/diary.html?storyid=3529
Steven
www.securityzone.org
> I saw an unusually high volume of scans between 2200 and last night
> on my residential connection. They all made their initi
I saw an unusually high volume of scans between 2200 and last night
on my residential connection. They all made their initial probe using
'mysql' as the user. On average it looks like each of them made around
15 attempts, which is fairly low, and points to a scanner smart enough
to recognize t
Adrian wrote:
> Yeah, some of those ips also tried to login on my server as 'mysql' and
> 'root'.
> Even my university is part of that crappy botnet. :x
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-cha
Yeah, some of those ips also tried to login on my server as 'mysql' and
'root'.
Even my university is part of that crappy botnet. :x
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsor
Anyone else seeing these? Started about 3 hours ago..hereĀ¹s a snipit:
21:19:09 192.168.0.3 snort[577]: [1:2006435:3] BLEEDING-EDGE SCAN LibSSH
Based SSH Connection - Often used as a BruteForce Tool [Classification: Misc
activity] [Priority: 3]: {TCP} 203.173.40.167:21823 -> 192.168.0.2:22
And a