Hackin9

InfoSec News

Over the past 72 hours, I've noticed a shift in the types of brute force attacks I'm seeing on my SSHhoneypot. Generally, SSH attacks consist of hundreds (or thousands) of authentication attempts, each using a different username/password combination. Over the past few days, however, I'm seeing multiple IP addresses attempting to use *one* password against *one* account: root/ihatehackers.
In a sense, a single IP address taking a one-off shot at root doesn't really even qualify as brute-force and is... well... barely an attack. What I find interesting about this new behavior is the number of different sources I'm seeing for this single, somewhat lame hack.
So, how widespread is this behavior? Is anyone else seeing it? Also, does anyone have any idea what this attack is about? As I said, on the surface, this looks kinda lame, but perhaps someone out there knows something I don't...
Tom Liston

Senior Security Analyst - InGuardians, Inc.

SANS ISCHandler

Twitter: @tliston

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Facebook will not be targeted by Anonymous on Saturday, the hacking group said in one of its Twitter accounts, again distancing itself from a threat that has gotten broad publicity since it surfaced several months ago.
 
There was mixed news on PC and microprocessor market growth this week, while the Groupon initial public offering Friday showed that there are plenty of people betting that social media will continue to drive technology trends.
 
In an informal poll, columnist Mike Elgan finds that some Android users believe iPhone users are status-seeking, ignorant sheep brainwashed by Apple marketing. Are they right?
 
Internet Storm Center Infocon Status