
SANS ISC: Reports of higher than normal SSH Attacks - SANS Internet Storm Center SANS ISC InfoSec Forums


Reports of higher than normal SSH Attacks

We have a report of much greater than the normal noise of SSH-based attacks. Anyone else seeing this?

Richard Porter

@packetalien || rporter at isc dot sans dot edu

Richard

161 Posts
ISC Handler
Confirmed for here - substantially elevated number of sources beginning on the 20th. "Thanksgiving" is typically a spike, but things started earlier this year than we have typically seen.
Ken

40 Posts
Did it start early because Thanksgiving was as late in the month as it can be?
KBR

63 Posts
We also see that, starting around November 20th, the rate of TCP/22 connects into our darknets (non-routed networks) has risen.
We now have 5 to 6 times more scans than before.
Jens

41 Posts
There has been a steady increase in SSH attacks that have been seen from these networks in China, Russia, Turkey, Germany, France, Thailand, Hong Kong and Brazil.

Edward

8 Posts
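
One way to answer "anyone else seeing this?" from your own sshd logs, as an added example that is not part of any post in this thread: count distinct source addresses with failed logins per day and flag days far above the median of the earlier days. The log lines, hostname `gw`, thresholds and function names are constructed for illustration, and the classic syslog timestamp format is assumed.

```python
import re
from collections import defaultdict
from statistics import median

# Failure messages as OpenSSH's sshd writes them to syslog (classic timestamp format).
FAIL_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def daily_sources(lines):
    """Map each day to the set of source IPs with failed SSH logins (log assumed chronological)."""
    per_day = defaultdict(set)
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            per_day[" ".join(m["day"].split())].add(m["ip"])
    return dict(per_day)

def spike_days(per_day, min_history=3, factor=3.0):
    """Days whose distinct-source count is >= factor x the median of all earlier days."""
    days, hits = list(per_day), []
    for i, day in enumerate(days):
        history = [len(per_day[d]) for d in days[:i]]
        if len(history) < min_history:
            continue  # not enough earlier days to call anything "normal"
        baseline, count = median(history), len(per_day[day])
        if baseline > 0 and count >= factor * baseline:
            hits.append((day, count, baseline))
    return hits

def make_sample():
    """Constructed log: 2 sources/day on Nov 17-19, 11 on Nov 20 (RFC 5737 addresses)."""
    lines = []
    for day, n in (("Nov 17", 2), ("Nov 18", 2), ("Nov 19", 2), ("Nov 20", 11)):
        for i in range(n):
            src = f"from 192.0.2.{10 + i} port {50000 + i}"
            lines.append(f"{day} 03:12:{i:02d} gw sshd[{4000 + i}]: Invalid user admin {src}")
            lines.append(f"{day} 03:13:{i:02d} gw sshd[{4000 + i}]: Failed password for root {src} ssh2")
    lines.append("Nov 20 04:00:00 gw sshd[4100]: Accepted publickey for ops from 198.51.100.7 port 50022 ssh2")
    return lines

if __name__ == "__main__":
    for day, count, baseline in spike_days(daily_sources(make_sample())):
        print(f"{day}: {count} distinct sources, baseline {baseline}")
```

Counting distinct sources rather than raw attempts keeps one noisy host from looking like a broad increase in scanning.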
