I'm seeing about four times as many attempts at ssh entry & scanning in logs on various, mostly-unrelated servers... I wonder if there's some vulnerability that has not been reported yet?
Something is definitely going on... are others seeing this too?
Edit: found it.
Yeah, it's been going on for several weeks now. I have three servers with close-but-not-contiguous IP numbers, and usually all three get scanned by the same IP on the same day.
If I have time, I report the IP to the netblock owner; a few have responded that they found the zombie machine and took it off line. But they seem to be multiplying.
There is a big thread on DSLR about it too... a lot of people have been cracked, it seems.
There's been a rash of brute force attempts the last few weeks; there is a comment at http://isc.sans.org//index.php if you would like to read more...
Am I the only one amused by the utter braindeadedness of that brute-force program? I'm seriously tempted to contact the so-called programmer who wrote it and show him how to scan /usr/share/dict/words, or maybe even attach a file descriptor to stdio of a dictionary-based password generator, just because the code is that offensively stupid.