Subject: One-shot ssh attacks
From: bob prohaska
Newsgroups: comp.security.ssh
Organization: A noiseless patient Spider
Date: Fri, 18 Dec 2020 16:04 UTC
Summary: What's the point of a single password-guessing attack?
Keywords: ssh password guess single
Lately I've been noticing what appear to be single ssh attacks
from an IP. This doesn't seem like a very efficient break-in
technique; does it have some other purpose?

Thanks for reading,

bob prohaska
 




Subject: Re: One-shot ssh attacks
From: Grant Taylor
Newsgroups: comp.security.ssh
Organization: TNet Consulting
Date: Fri, 18 Dec 2020 18:36 UTC
On 12/18/20 9:04 AM, bob prohaska wrote:
> Lately I've been noticing what appear to be single ssh attacks from an IP. This doesn't seem like a very efficient break-in technique; does it have some other purpose?

I would wonder if this is part of a massively distributed attack, possibly a bot network coordinating what happens from all the different IPs.



--
Grant. . . .
unix || die
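
Added example, not part of either post: one way to check the distributed-guessing hypothesis above against your own sshd log, by counting failures per account across one-shot sources instead of per source IP. The log lines are constructed, the regex assumes OpenSSH's "Failed password for ... from ... port ..." message, and the function names and both thresholds are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of OpenSSH auth-log lines (documentation IP ranges only).
SAMPLE_LOG = """\
Dec 18 16:01:02 host sshd[1101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Dec 18 16:01:40 host sshd[1102]: Failed password for root from 198.51.100.7 port 40022 ssh2
Dec 18 16:02:15 host sshd[1103]: Failed password for root from 192.0.2.44 port 33810 ssh2
Dec 18 16:03:09 host sshd[1104]: Failed password for invalid user admin from 203.0.113.90 port 60211 ssh2
Dec 18 16:03:51 host sshd[1105]: Failed password for root from 198.51.100.23 port 45500 ssh2
Dec 18 16:04:30 host sshd[1106]: Accepted publickey for bob from 192.0.2.10 port 50022 ssh2
Dec 18 16:05:12 host sshd[1107]: Failed password for root from 192.0.2.77 port 39001 ssh2
Dec 18 16:05:13 host sshd[1108]: Failed password for bob from 192.0.2.10 port 50030 ssh2
Dec 18 16:05:20 host sshd[1109]: Failed password for bob from 192.0.2.10 port 50031 ssh2
Dec 18 16:05:27 host sshd[1110]: Failed password for bob from 192.0.2.10 port 50032 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(log_text):
    """Yield (user, source_ip) for every failed password attempt."""
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group(1), m.group(2)

def analyze(log_text, per_ip_limit=3, spread_limit=3):
    """Compare a per-source threshold with a per-account, cross-source view."""
    per_ip = Counter()
    sources_by_user = defaultdict(set)
    for user, ip in parse_failures(log_text):
        per_ip[ip] += 1
        sources_by_user[user].add(ip)
    # Per-source rule: only an IP that fails repeatedly trips it.
    noisy_ips = {ip for ip, n in per_ip.items() if n >= per_ip_limit}
    # Sources seen exactly once: invisible to the per-source rule.
    one_shot = {ip for ip, n in per_ip.items() if n == 1}
    # Aggregate rule: the same account guessed from many one-shot sources.
    spread = {u: len(ips & one_shot) for u, ips in sources_by_user.items()
              if len(ips & one_shot) >= spread_limit}
    return {"noisy_ips": noisy_ips, "one_shot_ips": one_shot,
            "distributed_targets": spread}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, the per-source rule flags only the local user who mistyped a password three times, while the aggregate view shows root being tried from four different one-shot addresses.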

