InfoSec News


SSH brute force password guessing attacks aren't really anything new. They have been going on for quite some time, and whilst there was a small dip in early July, things seem to be getting back to normal. One of our readers (thanks Robert) noticed, though, that the SSH brute forcing is coordinated between a number of IP addresses (118.97.8.28, 125.210.209.152, and 161.200.184.4). If you have SSH open to the internet (honeypot or real) and you are able to share some log files, I'd be interested to take a look at them. Please upload them using the contact form or send them directly to [email protected]
Log files will look something like this.

Username   SourceIPAddr  lPort  Count  TimeStamp
bette      118.97.8.28   22     1      09:51:05 EDT Sat Jul 16 2011
clairette  118.97.8.28   22     1      09:51:29 EDT Sat Jul 16 2011
clamens    118.97.8.28   22     1      09:51:33 EDT Sat Jul 16 2011
clarisse   118.97.8.28   22     1      09:51:37 EDT Sat Jul 16 2011
claude     118.97.8.28   22     1      09:51:41 EDT Sat Jul 16 2011
dumont     118.97.8.28   22     1      09:52:05 EDT Sat Jul 16 2011
duplo      118.97.8.28   22     1      09:52:09 EDT Sat Jul 16 2011
dupont     118.97.8.28   22     1      09:52:12 EDT Sat Jul 16 2011
durand     118.97.8.28   22     1      09:52:16 EDT Sat Jul 16 2011
farceur    118.97.8.28   22     1      09:52:40 EDT Sat Jul 16 2011
farucci    118.97.8.28   22     1      09:52:44 EDT Sat Jul 16 2011
faustine   118.97.8.28   22     1      09:52:48 EDT Sat Jul 16 2011

Mark

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
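One way to look for this kind of coordination in logs of the format shown above, as an added example that is not part of the original diary: it assumes the sources split a single username list that is walked in alphabetical order, which the ascending usernames and time gaps in the 118.97.8.28 excerpt suggest. The function names, the thresholds and every row not from 118.97.8.28 (documentation-range addresses) are constructed for the illustration.

```python
from bisect import bisect_left
from collections import Counter
from datetime import datetime

# 118.97.8.28 rows are from the post; all other rows are constructed.
SAMPLE = """\
bette 118.97.8.28 22 1 09:51:05 EDT Sat Jul 16 2011
bettina 198.51.100.7 22 1 09:51:09 EDT Sat Jul 16 2011
blanche 203.0.113.9 22 1 09:51:13 EDT Sat Jul 16 2011
camille 203.0.113.9 22 1 09:51:21 EDT Sat Jul 16 2011
cecile 198.51.100.7 22 1 09:51:25 EDT Sat Jul 16 2011
clairette 118.97.8.28 22 1 09:51:29 EDT Sat Jul 16 2011
clamens 118.97.8.28 22 1 09:51:33 EDT Sat Jul 16 2011
root 192.0.2.50 22 3 09:51:34 EDT Sat Jul 16 2011
clarisse 118.97.8.28 22 1 09:51:37 EDT Sat Jul 16 2011
claude 118.97.8.28 22 1 09:51:41 EDT Sat Jul 16 2011
"""

def parse(text):
    """Return time-sorted (timestamp, username, source_ip) tuples."""
    rows = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 10:  # skips the header, blank and malformed lines
            # Zone token f[5] is dropped: strptime's %Z is platform-dependent.
            ts = datetime.strptime(" ".join((f[4], *f[7:])), "%H:%M:%S %b %d %Y")
            rows.append((ts, f[0], f[1]))
    return sorted(rows)

def longest_increasing(names):
    """Indices of one longest strictly increasing subsequence (patience sort)."""
    tails, tail_idx, prev = [], [], []
    for i, name in enumerate(names):
        pos = bisect_left(tails, name)
        tails[pos:pos + 1], tail_idx[pos:pos + 1] = [name], [i]
        prev.append(tail_idx[pos - 1] if pos else None)
    chain, i = [], tail_idx[-1] if tail_idx else None
    while i is not None:
        chain.append(i)
        i = prev[i]
    return chain[::-1]

def coordinated_sources(text, min_hits=2, min_share=0.8):
    """Source IPs whose attempts fit one shared, alphabetically walked list."""
    rows = parse(text)
    total = Counter(ip for _, _, ip in rows)
    fit = Counter(rows[i][2] for i in longest_increasing([r[1] for r in rows]))
    group = sorted(ip for ip, n in fit.items()
                   if n >= min_hits and n / total[ip] >= min_share)
    return group if len(group) >= 2 else []
```

On the sample, the three sources that interleave along one ascending username sequence are grouped, while the unrelated `root` attempt from 192.0.2.50 falls outside the sequence and is left out.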
 