Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  login

/earth is 98% full ... please delete anyone you can.

devel / comp.security.ssh / One-shot ssh attacks

SubjectAuthor
* One-shot ssh attacksbob prohaska
`- Re: One-shot ssh attacksGrant Taylor

1
One-shot ssh attacks
  comp.security.ssh
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: bp...@www.zefox.net (bob prohaska)
Newsgroups: comp.security.ssh
Subject: One-shot ssh attacks
Date: Fri, 18 Dec 2020 16:04:07 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 10
Message-ID: <rrijtn$a2m$1@dont-email.me>
Injection-Date: Fri, 18 Dec 2020 16:04:07 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="c68aee2a3b5ac0993a8178def37ccf8c";
logging-data="10326"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19eu1p3DekgZpJgZ+Wc3QUlCtwbPj3x8EE="
Summary: What's the point of a single password-guessing attack?
Keywords: ssh password guess single
User-Agent: tin/2.4.4-20191224 ("Millburn") (FreeBSD/12.1-STABLE (arm))
Cancel-Lock: sha1:vMQd5QNxXB++aAKdJBYeKdlmExE=
Xref: rslight2 comp.security.ssh:312
 by: bob prohaska - Fri, 18 Dec 2020 16:04 UTC

Lately I've been noticing what appear to be single ssh attacks
from an IP. This doesn't seen like a very efficient breakin
technique, does it have some other purpose?

Thanks for reading,

bob prohaska

Re: One-shot ssh attacks
  comp.security.ssh
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!tncsrv09.home.tnetconsulting.net!.POSTED.alpha.home.tnetconsulting.net!not-for-mail
From: gtay...@tnetconsulting.net (Grant Taylor)
Newsgroups: comp.security.ssh
Subject: Re: One-shot ssh attacks
Date: Fri, 18 Dec 2020 11:36:26 -0700
Organization: TNet Consulting
Message-ID: <rrit1r$u74$1@tncsrv09.home.tnetconsulting.net>
References: <rrijtn$a2m$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 18 Dec 2020 18:39:55 -0000 (UTC)
Injection-Info: tncsrv09.home.tnetconsulting.net; posting-host="alpha.home.tnetconsulting.net:198.18.18.251";
logging-data="30948"; mail-complaints-to="newsmaster@tnetconsulting.net"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.6.0
In-Reply-To: <rrijtn$a2m$1@dont-email.me>
Content-Language: en-US
Xref: rslight2 comp.security.ssh:313
 by: Grant Taylor - Fri, 18 Dec 2020 18:36 UTC

On 12/18/20 9:04 AM, bob prohaska wrote:
> Lately I've been noticing what appear to be single ssh attacks from
> an IP. This doesn't seen like a very efficient breakin technique,
> does it have some other purpose?

I would wonder if this is part of a massively distributed attack,
possibly a bot network. Coordinating what happens from all the
different IPs.

--
Grant. . . .
unix || die

1
server_pubkey.txt

rocksolid light 0.9.1
clearnet tor