Security Bytes

Sep 19 2008   1:25PM GMT

SSH brute force attacks still going strong

David Schneier

The brute-force SSH attacks that have plagued the Internet for much of this year are continuing, and experts are responding by creating tools to stop the brute-force attempts and lists of the attacking IP addresses. The SANS Internet Storm Center has a good post with some information on SSH attack mitigation tools and advice on what to do if you’re being attacked. But the most interesting information on this wave of attacks is coming from The Shadowserver Foundation, which has compiled a quick list of some IP addresses that are attacking and the domains that own those machines. The list has quite a few interesting domains on it, including a number of U.S. colleges and universities. Shadowserver also has a chart showing which countries have the most attacking IP addresses, and not surprisingly, the U.S. and China are at the top of the list, with nearly 17% in China and nearly 14% in the U.S.

It’s a small sample size, but if you’re being hit with this, it never hurts to know where it’s coming from. These attacks have been ongoing for several months, and there are a variety of attack tools out there to make life simple for the bad guys. Stay tuned, as I’d doubt this is going to stop anytime soon.
