May 22, 2008
According to SANS NewsBites, brute-force secure shell (SSH) attacks have increased significantly over the last two weeks. "An SSH attack is a type of dictionary attack that aims to guess secure shell client usernames and passwords." On Monday, May 12, statistics from denyhosts.net indicated close to 10,000 SSH attacks; normally that figure would be 2,000. Some of the attacks were coming through botnets so that attackers could stay beneath detection thresholds; others were using a "low and slow" approach to avoid detection and account lockouts. We have noticed the same uptick.
Case Unix admins and Linux users are advised to review their SSH logs and report any attempted exploits, successful or not, to the Case Help Desk, 368-HELP.
The SANS Internet Storm Center (ISC) provides specific guidance on how administrators can protect their systems (the first URL below).
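An added example, not part of the original post or of the SANS guidance: one way to review sshd logs for the pattern described above, counting failed password attempts per source address and also per target account across addresses, because botnet and "low and slow" attempts stay under a per-address threshold. The log lines are constructed, and the function names and thresholds are assumptions to tune for your own systems.

```python
import re
from collections import defaultdict

# OpenSSH syslog line for a failed password, with or without "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def build_sample():
    """Constructed sample log: one noisy source, one slow distributed guesser."""
    lines = []
    # A single address hammering several account names within seconds.
    for i, user in enumerate(["admin", "test", "guest", "oracle", "mysql", "ftp"]):
        lines.append(f"May 12 03:10:{i:02d} host sshd[2101]: Failed password for "
                     f"invalid user {user} from 198.51.100.7 port {40000 + i} ssh2")
    # Five addresses, one guess each against root, an hour apart.
    for i in range(1, 6):
        lines.append(f"May 12 {3 + i:02d}:00:00 host sshd[{2200 + i}]: Failed "
                     f"password for root from 203.0.113.{i} port 51000 ssh2")
    # A successful login, which must not be counted as a failure.
    lines.append("May 12 09:00:00 host sshd[2300]: Accepted password for alice "
                 "from 192.0.2.50 port 52000 ssh2")
    return "\n".join(lines)

def summarize(log_text):
    """Return (failures per source IP, set of source IPs per target user)."""
    by_ip = defaultdict(int)
    ips_per_user = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            by_ip[m["ip"]] += 1
            ips_per_user[m["user"]].add(m["ip"])
    return by_ip, ips_per_user

def flag(log_text, per_ip_limit=5, distinct_ip_limit=4):
    """Thresholds are assumed values, not recommendations from the post."""
    by_ip, ips_per_user = summarize(log_text)
    noisy_ips = sorted(ip for ip, n in by_ip.items() if n >= per_ip_limit)
    spread_users = sorted(u for u, ips in ips_per_user.items()
                          if len(ips) >= distinct_ip_limit)
    return noisy_ips, spread_users

if __name__ == "__main__":
    noisy, spread = flag(build_sample())
    print("Sources over the per-address limit:", noisy)
    print("Accounts targeted from many addresses:", spread)
```

On the sample, the per-address count flags only 198.51.100.7, while the per-account view surfaces root as being guessed from five different addresses that each made a single attempt.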
Posted by Thomas Siu at 09:13 AM