[102925] in North American Network Operators' Group
Re: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Dave Pooser)
Sat Mar 8 02:10:32 2008
Date: Sat, 08 Mar 2008 00:59:17 -0600
From: Dave Pooser <dave.nanog@alfordmedia.com>
To: <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.62.0803081651430.11036@maverick.blakjak.net>
Errors-To: owner-nanog@merit.edu
> Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of a
> concern? I can only assume it's to stop clients exploited boxen being used
> to anonymise further telnet/ssh attempts - but have to admit this
> discussion is the first i've heard of it being done 'en masse'.
On one test machine that I leave SSH unfirewalled on, I'll see 200-4000 SSH
login attempts per day, trying to brute force it. Lets see, this morning in
an eight-minute span from one IP in Aruba 100 attempts for root; other
usernames attempted include admin, staff, sales, office, alias, stud (!),
trash, guest, test, oracle, a few personal names, apache, svn, iraf, swsoft,
gast, sirsi and nagios. And this is a relatively slow day.
Telnet I wouldn't know about, but I'm told bots will try to force it as
well.
--
Dave Pooser, ACSA
Manager of Information Services
Alford Media http://www.alfordmedia.com
