View Single Post
Old 22nd May 2009
phoenix's Avatar
phoenix phoenix is offline
Risen from the ashes
 
Join Date: May 2008
Posts: 696
Default

Quote:
Originally Posted by Mantazz View Post
Crawling through the web, using some sort of bot system to check every host they can find for open ssh ports to try. I would expect if this was the case that the attempts would come by "ssh myobscurehostname.youwontguessthis.org".
This is rarely, if ever, done.

Quote:
Or, crawling the internet, looking for open ssh ports on any system they can get a response from. I would expect if this was the case that the attempts would come by "ssh 123.45.67.89".
This is usually what they do. To see how easy it is, try the following on your network (use the correct subnet, of course): $ nmap -p 22 192.168.0.0/24

That will search every IP from 192.168.0.0 through 192.168.0.255 for hosts with port 22 open. Takes maybe 3 seconds, most of which is just displaying the info. The actual scan takes milliseconds.

Now expand that out to use big blocks of IPs, and wrap it in a script that connects to open SSH ports, and you see what the script kiddies are doing.

It has nothing to do with hostnames and everything to do with IPs.
__________________
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
Reply With Quote