Here we go again.. Distribued SSH attack

I guess the bad people is not taking a Easter Holliday.
They’ve started a distrubed bruteforce attack agains SSH again…

sshattack

Mostly it’s random ip addresses that are trying. But when the IP addresses actually resolves, there is a lot of mx or mail host that has been compromised and is being used in this attack. Another thought is, if they have managed to compromise an email host they might be in possession of check all mail that will be transferred thru this host. Kind of scary….

** Update **
After 2 weeks of up to 2000 hits pr day, they have moved on.

Some fun facts!
770 unique IP trying 1 to 2 times a day.
64 mail servers, 20 DNS hosts bust mostly unresolved ip (over 400)
Home users with adsl/cabel connection is on the top, probabably not even know that their machines are being used in a bot net….

Leave a Comments