From: peter@bsdly.net (Peter N. M. Hansteen)
To: freebsd-questions@freebsd.org
Subject: Re: SV: Breakin attempt
Date: Wed, 26 Oct 2011 19:14:04 +0200
Message-ID: <87ehxzd6ar.fsf@deeperthought.bsdly.net>
In-Reply-To: <000801cc933c$60776520$21662f60$@org> (Admin ValhallaProjectet's message of "Tue, 25 Oct 2011 19:34:35 +0200")
References: <000801cc933c$60776520$21662f60$@org>

"Admin ValhallaProjectet" writes:

> Probably a bunch of bots. Not very intelligent used.

It's a recurring phenomenon, sometimes called the "hail mary cloud"
(the odds are overwhelmingly against such things ever succeeding, but
they keep trying anyway).

> Really messed up my logfiles. I was a bit curious if the purpose
> was just that, to mask some more clever real attacks, but haven't
> seen any signs of such.
> I changed my ssh port, just to reduce the noise, and it all ceased.
This round was over a lot quicker than the earlier ones, see e.g.
http://www.bsdly.net/~peter/hailmary/ and the initial blog post about
the phenomenon,
http://bsdly.blogspot.com/2008/12/low-intensity-distributed-bruteforce.html

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.