Dictionary attacks prompted by NANOG postings?
Once again shortly after posting a message to NANOG a fairly significant dictionary attack using Earthlink's mail servers fired up.

The same thing happened around Nov 30th (I posted about it here.)

Does this happen to anyone else posting here?

It's pretty clearly a lame attempt to intimidate by some loser.

Jan 17 01:29:16 pcls5 sendmail[6757]: NOUSER: ani5 relay=elasmtp-kukur.atl.sa.earthlink.net [209.86.89.65]
Jan 17 01:29:19 pcls5 sendmail[7761]: NOUSER: anita2 relay=elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64]
Jan 17 01:29:19 pcls5 sendmail[8036]: NOUSER: ando relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:22 pcls5 sendmail[8036]: NOUSER: ando1 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:25 pcls5 sendmail[8036]: NOUSER: ando2 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:28 pcls5 sendmail[8036]: NOUSER: ando3 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:31 pcls5 sendmail[8036]: NOUSER: ando4 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]

...etc etc

--
        -Barry Shein

The World              | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
> Does this happen to anyone else posting here?
not that i have noticed. i do see massively (> 5x) more ssh dict attacks on the hosts i have in tokyo than those on other continents. but the sample size is too small to draw any serious conclusions. but i would guess there are folk who actually study this.
> It's pretty clearly a lame attempt to intimidate by some loser.
rofl. seems a pretty paranoid conclusion to which to leap. could just be a list address harvester for a bunch of lists.

i figure that, since my hosts don't even do password ssh, that having password guessers go after my hosts is my contribution to reducing the attacks on more vulnerable hosts.

randy
On Jan 17, 2008 12:13 PM, Barry Shein <bzs@world.std.com> wrote:
> Once again shortly after posting a message to NANOG a fairly significant dictionary attack using Earthlink's mail servers fired up.
> The same thing happened around Nov 30th (I posted about it here.)
Post Hoc, Ergo Propter Hoc.

srs
participants (3)
- Barry Shein
- Randy Bush
- Suresh Ramasubramanian
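An added example, not part of the thread or any poster's code: a small detector for the sendmail NOUSER lines quoted in the first message, counting distinct unknown recipients per relay inside a sliding window. The function names, the 60-second window, the threshold of 5, the /24 grouping and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First seven lines are the ones quoted in the post; the last line is a
# constructed benign typo from a documentation address (192.0.2.10).
SAMPLE_LOG = """\
Jan 17 01:29:16 pcls5 sendmail[6757]: NOUSER: ani5 relay=elasmtp-kukur.atl.sa.earthlink.net [209.86.89.65]
Jan 17 01:29:19 pcls5 sendmail[7761]: NOUSER: anita2 relay=elasmtp-curtail.atl.sa.earthlink.net [209.86.89.64]
Jan 17 01:29:19 pcls5 sendmail[8036]: NOUSER: ando relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:22 pcls5 sendmail[8036]: NOUSER: ando1 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:25 pcls5 sendmail[8036]: NOUSER: ando2 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:28 pcls5 sendmail[8036]: NOUSER: ando3 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:29:31 pcls5 sendmail[8036]: NOUSER: ando4 relay=elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]
Jan 17 01:40:02 pcls5 sendmail[9100]: NOUSER: jsmtih relay=mail.example.org [192.0.2.10]
"""

NOUSER_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"NOUSER: (\S+) relay=\S+ \[(\d+\.\d+\.\d+\.\d+)\]")

def parse_nouser(log_text, year=2008):
    """Return (timestamp, recipient, relay_ip) per NOUSER line; syslog omits the year."""
    events = []
    for line in log_text.splitlines():
        m = NOUSER_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events

def flag_sources(events, window=timedelta(seconds=60), threshold=5, by_slash24=False):
    """Map source -> peak count of distinct unknown recipients inside one window."""
    by_src = defaultdict(list)
    for ts, user, ip in sorted(events):
        src = ip.rsplit(".", 1)[0] + ".0/24" if by_slash24 else ip
        by_src[src].append((ts, user))
    flagged = {}
    for src, hits in by_src.items():
        peak, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            peak = max(peak, len({u for _, u in hits[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(flag_sources(parse_nouser(SAMPLE_LOG), by_slash24=True))
```

Because the quoted probes arrive through several relays in the same address range, per-address counting sees only part of the run; the `by_slash24` option groups them so the whole burst is counted together.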