[kwlug-disc] Identify this exploit?
Mikalai Birukou
mb at 3nsoft.com
Sun Dec 29 14:09:31 EST 2019
> Usually, the ssh login attempt will come from a single IP address: some
> script kiddie tries to login to hosts, using various login names
> (root, mysql,
> uucp, lpadmin, ...etc.)
Oh, no. Attacks are always run from many machines, put into hacking
asset. Different ips are the only way to speedup an attack, where
Fail2Ban records ips to slow 'em down.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20191229/ee1416a8/attachment.htm>
More information about the kwlug-disc
mailing list