[HECnet] Telnet/SSH attacks
Sampsa Laine
sampsa at mac.com
Wed Nov 27 00:49:10 PST 2013
On 27 Nov 2013, at 02:01, Sampsa Laine <sampsa at mac.com> wrote:
On 26 Nov 2013, at 23:08, Hans Vlems <hvlems at zonnet.nl> wrote:
No, I get telnet attempts from it, es and nl domains lately. I put a text in sys$announce that tells the, error, user that the system is privately owned, alle access attempts are logged and monitored and that unauthorized access is not allowed. The attempts are now down to a couple every 24 hours and no longer every 5 minutes.
Just got an SSH bruteforce attempt from Korea, decided to have a look at the chap's machine:
nmap -p1-65535 -T5 -sV -oAhax0r -P0 14.63.222.153
The "attack" stopped pretty quickly after that lol.
Mainland China based IP attacked me this morning, stopped after 27 seconds of my nmap scan.
The scanners don't like to be scanned it seems :)
Might write an automatic ArcSight rule to trigger these..
sampsa
More information about the Hecnet-list
mailing list