From owner-freebsd-questions@FreeBSD.ORG Wed Oct 26 20:02:28 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A19E1065670 for ; Wed, 26 Oct 2011 20:02:28 +0000 (UTC) (envelope-from fbsd@thorshammare.org) Received: from smtprelay-b12.telenor.se (smtprelay-b12.telenor.se [62.127.194.21]) by mx1.freebsd.org (Postfix) with ESMTP id A36038FC0A for ; Wed, 26 Oct 2011 20:02:27 +0000 (UTC) Received: from iph1.telenor.se (iph1.telenor.se [195.54.127.132]) by smtprelay-b12.telenor.se (Postfix) with ESMTP id C0D68C870 for ; Wed, 26 Oct 2011 22:02:25 +0200 (CEST) X-SENDER-IP: [83.227.225.121] X-LISTENER: [smtp.bredband.net] X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ams7AGFmqE5T4+F5PGdsb2JhbABCFptZjVwZAQEBATcygW4BAQEBAgEBAQEFICYIGBAIAwIWAjAHGQ4BBQQIAwcDEQEBBAEHBwQBChIEh18CBrUjiGoEh1aKGZN8 X-IronPort-AV: E=Sophos;i="4.69,411,1315173600"; d="scan'208";a="503129718" Received: from ua-83-227-225-121.cust.bredbandsbolaget.se (HELO odin.thorshammare.org) ([83.227.225.121]) by iph1.telenor.se with ESMTP; 26 Oct 2011 22:01:42 +0200 Received: from Obah (obah [192.168.1.10]) by odin.thorshammare.org (8.14.5/8.14.5) with ESMTP id p9QK1bY3012007; Wed, 26 Oct 2011 22:01:37 +0200 (CEST) (envelope-from fbsd@thorshammare.org) From: "Hasse Hansson" To: "'Peter N. M. Hansteen'" , References: <000801cc933c$60776520$21662f60$@org> <87ehxzd6ar.fsf@deeperthought.bsdly.net> In-Reply-To: <87ehxzd6ar.fsf@deeperthought.bsdly.net> Date: Wed, 26 Oct 2011 22:01:24 +0200 Message-ID: <000801cc941a$0d0629b0$27127d10$@org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcyUArmBiA9PmbSpTIubF4ECgtIg2gAFy5Qw Content-Language: sv X-Virus-Scanned: clamav-milter 0.97.3 at odin.thorshammare.org X-Virus-Status: Clean X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on odin.thorshammare.org Cc: Subject: SV: SV: Breakin attempt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Oct 2011 20:02:28 -0000 -----Oprindelig meddelelse----- Fra: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] P=E5 vegne af Peter N. M. Hansteen Sendt: den 26 oktober 2011 19:14 Til: freebsd-questions@freebsd.org Emne: Re: SV: Breakin attempt "Admin ValhallaProjectet" writes: > Probably a bunch of bots. Not very intelligent used. It's a recurring phenomenon, sometimes called the "hail mary cloud" (the odds are overwhelmingly against such things ever succeeding, but they = keep trying anyway). > Really messed up my logfiles. I was a bit curious if the purpose was=20 > just that, to mask some more clever real attacks, but haven't seen any = > signs of such. > I changed my ssh port, just to reduce the noise, and it all ceased. This round was over a lot quicker than the ealier ones, see eg http://www.bsdly.net/~peter/hailmary/ and the inital blog post about the phenomenon, http://bsdly.blogspot.com/2008/12/low-intensity-distributed-bruteforce.ht= ml - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" ----------------------------------------------- Very interesting reading. Thanks. /Hasse