[PLUG-TALK] Increased System Probes/Cracking Attempts

drew wymore drew.wymore at gmail.com
Wed Apr 28 15:46:42 UTC 2010


On Wed, Apr 28, 2010 at 6:18 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
>   Starting yesterday we've been subjected to a flood of cracking attempts
> that are rejected by the firewall, about every minute or two. There have
> also been several thousand sshd attempts and more than 16K rejected e-mails
> yesterday alone. These numbers are much higher than I've seen before.
>
>   The firewall is rejecting the UDP packets, but I get the e-mailed
> notification in my inbox when this happens; the sshd cracking attempts are
> also rejected. But, it's annoying.
>
>   Has anyone else seen a recent increase in attempts to crack into networks?
> Is there anything I can do to discourage these attempts (they come from a
> broad range of IP addresses; perhaps all highjacked Windows machines)? I'm
> sure that eventually the probes will once again drop down to the very low
> normal levels, and I'd like to see that happen sooner rather than later.
>
> Rich
>
> _______________________________________________
> PLUG-talk mailing list
> PLUG-talk at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug-talk
>

I haven't noticed anything on my residential account Rich but I see
failed sshd attempts _all the time_ on my colo box. At one point in
time I grabbed a list of all APAC networks and just added them in bulk
to my firewall config and it dropped the attempts quite a bit.

Drew-



More information about the PLUG-talk mailing list