On Tue, 17 May 2005, Dennis Peterson wrote: > > We've seen a huge number of increased failed ssh logins, however, I can't > > exactly corrolate it with anything specific. They appear to be zombies > > scanning for known default passwords. > > The kickoff date here was May 4. Nothing in the logs prior and then 24/7 > solid, so I thought I'd ask around and see what others are experiencing. > Thanks, Eric. > > dp
Here's a graph for May to date. Not sure what happened on the 5th -- aparently everyone was out drinking for cinco de mayo. My ~/t.t holds all the sshd entries for 2 logrotates back (zgrep++). Do you see much of a trend? The 4th is huge, but so are a few other days. -Eric [EMAIL PROTECTED] root]# for i in \ 1 \ 2 \ 3 \ 4 \ 5 \ 6 \ 7 \ 8 \ 9 10 11 12 13 14 15 16 17 ; do echo -n May $i: ; egrep -c "May $i.*sshd.*Failed" ~/t.t; done May 1:169 May 2:92 May 3:428 May 4:2012 May 5:0 May 6:454 May 7:2112 May 8:2048 May 9:593 May 10:88 May 11:5766 May 12:83 May 13:661 May 14:2828 May 15:10 May 16:126 May 17:36 > _______________________________________________ > http://lurker.clamav.net/list/clamav-users.html > > -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
