Reports of higher than normal SSH Attacks - UPDATE

Published: 2013-12-02
Last Updated: 2013-12-02 22:20:15 UTC
by Richard Porter (Version: 2)
5 comment(s)

UPDATE:

Thank you to all who reported! Reports are that SSH-based attacks are increasing. We will continue to monitor!

---

We have a report of SSH-based attacks at a much greater level than the normal noise. Anyone else seeing this?

Richard Porter

@packetalien || rporter at isc dot sans dot edu


Comments

Confirmed for here - substantially elevated number of sources beginning on the 20th. "Thanksgiving" is typically a spike, but things started earlier this year than we have typically seen.
Did it start early because Thanksgiving was as late in the month as it can be?
We see also that starting at around November 20th the rate of TCP/22 connects into our darknets (nonrouted networks) rises.
We now have 5 to 6 times more scans than before.
There has been a steady increase in SSH attacks that have been seen from these networks in China, Russia, Turkey, Germany, France, Thailand, Hong Kong and Brazil.

