22nd May 2009
Mantazz

Quote:
I can't add anything new to this except to reiterate that this is normal behaviour
I apologize if I was not clear when I said earlier that I know others see the same activity on their boxes. I don't for a moment suspect that there is anything particularly interesting about my box; indeed even I consider it rather dull, just another FreeBSD box up 24/7 with a cable modem connection. Not running anything particularly sexy; a pretty basic installation with Apache2 and a semi-functional mysql / PHP install.
Quote:
There are other security fish to fry.
Which is why I am not investing a great deal of time and energy into this situation.

Really, I am interested in it more from an "informatics" standpoint:

Where are the systems that are being used for this?
How many times does a single system try in a given time frame?
How do the attempts per unit time vary over time?
How much deviation is there between different names or systems?
How does the logic change over time (regarding attempts / name, attempts / address, attempts / unit time)?
What factors are common between the systems who make the most attempts?

And of course
How did my system end up on the list of targets for these (which we have already addressed here)?

But these questions are all for my own interest and nothing else. I don't expect that I would in any way be able to stop the botnets by answering those questions. I know that there are more pressing issues in the world in general and even in the worlds of FreeBSD or openssh security.

I'm a scientist. I find data to be interesting. When my own research (which is not related to this in the least) has data-less days I try to find other topics where there is data that I find interesting.
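
Added example, not part of the original post: one way to start answering the per-address, per-name and per-unit-time questions listed above from an auth log. It assumes the activity is failed sshd logins written in OpenSSH's usual syslog message style; the sample lines, host name, user names and the year 2009 (syslog omits it) are constructed or assumed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in OpenSSH's syslog message style; addresses are
# documentation ranges, host and user names are made up.
SAMPLE_LOG = """\
May 22 03:14:07 box sshd[4101]: Invalid user admin from 192.0.2.10
May 22 03:14:09 box sshd[4103]: Invalid user test from 192.0.2.10
May 22 03:14:12 box sshd[4105]: Failed password for root from 192.0.2.10 port 40112 ssh2
May 22 03:58:40 box sshd[4150]: Invalid user admin from 198.51.100.7
May 22 04:02:11 box sshd[4160]: Invalid user oracle from 198.51.100.7
May 22 04:02:13 box sshd[4160]: Failed password for invalid user oracle from 198.51.100.7 port 51514 ssh2
May 22 04:02:15 box sshd[4162]: Invalid user admin from 203.0.113.5
May 22 04:30:00 box sshd[4170]: Accepted publickey for alice from 192.0.2.99 port 50000 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"(?:Invalid user|Failed password for(?: invalid user)?) "
    r"(?P<name>\S+) from (?P<addr>\S+)"
)

def failed_attempts(log_text, year=2009):
    """Yield (hour, address, name) once per (sshd pid, name, address)."""
    seen = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # successful logins and unrelated messages
        key = (m["pid"], m["name"], m["addr"])
        if key in seen:
            continue  # same connection logged as "Invalid user" and "Failed password"
        seen.add(key)
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts.strftime("%Y-%m-%d %H:00"), m["addr"], m["name"]

def summarize(log_text):
    """Tally attempts per address, per name and per hour, plus names tried per address."""
    per_addr, per_name, per_hour = Counter(), Counter(), Counter()
    names_by_addr = defaultdict(set)
    for hour, addr, name in failed_attempts(log_text):
        per_addr[addr] += 1
        per_name[name] += 1
        per_hour[hour] += 1
        names_by_addr[addr].add(name)
    return per_addr, per_name, per_hour, names_by_addr

if __name__ == "__main__":
    for label, counts in zip(("address", "name", "hour"), summarize(SAMPLE_LOG)):
        print(label, counts.most_common())
```

Over a long log the pid-based de-duplication can undercount, because sshd process IDs are eventually reused; adding the date to the key avoids that.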