5,000 attempts and going (phone book attempt) - Slashdot

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

×

Journal damn_registrars's Journal: 5,000 attempts and going (phone book attempt) 3

Journal by damn_registrars on Thursday September 25, 2014 @02:14PM

Some dumbass in Korea is desperately trying to gain access to my home system. In less than 6 hours, the system has made over 5,000 unsuccessful attempts to get in. I'm not sure if "phone book" is the right term or not, but they are going through a (very) long list of usernames and attempting to log in with them. One IP address the whole time, just not giving up.

Not that I expect it to make a difference, but I sent an email to their ISP.

This is an interesting change from the distributed attacks that I was used to seeing. Not sure if the two are related or not but I do seem to be seeing a larger number of attacks since being issued a new IP address at home.

This discussion has been archived. No new comments can be posted.

5,000 attempts and going (phone book attempt)

Load All Comments

Search 3 Comments Log In/Create an Account

Comments Filter:

So post their IP (Score:2)

by BarbaraHudson ( 3785311 ) writes:

Write another story in your journal, post the IP as well, and remember to check off the "submit as story" button.
Remember to ask "have any of you had similar experiences, and if so, what worked?"
To make it a more interesting story, also include a sample list of the user names and passwords they're using (editing out your ip, of course).. When others start doing port scans on them ...
- Re: (Score:1)
  
  by damn_registrars ( 1103043 ) writes:
  Remember to ask "have any of you had similar experiences, and if so, what worked?"
  I can predict what people will say:
  
  Change the port number that you use for ssh
  Use a tarpit or a honeypot
  Blacklist the IP address (or the entire country)
  Similarly I can predict what their ISP will do:
  
  Nothing
  At this point the attack is still ongoing. It seems like they started with just a list of common names - including 274 attempts as rot - and then eventually went to an A-Z list. We're back to the "m" names; most recently "manuel"
Finally, they gave up (Score:1)

by damn_registrars ( 1103043 ) writes:

It appears that the attempt has ended (unsuccessfully, of course). It has now been a bit more than an hour since their last attempt.

Final tally 7,752 unique attempts via ssh. The last 8 attempts were all done with a username of " " (one empty space). Total elapsed time 7 hours 40 minutes. This averages to roughly one attempt every 3.5 seconds. There are some other interesting bits to this that I might share later once I finish parsing the logs to my satisfaction.

They also tried the user "test" 54

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.