[ale] hack attempts

Jim Popovitch jimpop at yahoo.com
Mon Feb 7 13:13:44 EST 2005


On Mon, 2005-02-07 at 13:00 -0500, Jimmy Oliver wrote:
> Hello all,
> 
> I just referenced my logs and have quite an assortment of failed ssh
> attempts as well.  Looks like a dictionary file type/brute force
> attack.  Since mine was sourced from a 207.x.x.x address, and within
> the same time frame, it looks like a botnet attack.

The thing that worries me about this isn't what we know, it is what we
don't yet know.  These recent attempts look plain lame and silly... thus
leaving me to think that what we are seeing is just precursor tests to a
much larger event.   Everyone running ssh should keep your eyes on
BUGTRAQ and/or vendor announcement lists for the next several months, I
suspect that something bad is in the works somewhere.

-Jim P.






More information about the Ale mailing list