[kwlug-disc] Identify this exploit?

Mikalai Birukou mb at 3nsoft.com
Sun Dec 29 14:09:31 EST 2019


> Usually, the ssh login attempt will come from a single IP address: some
> script kiddie tries to login to hosts, using various login names 
> (root, mysql,
> uucp, lpadmin, ...etc.)

Oh, no. Attacks are always run from many machines, put into hacking 
asset. Different ips are the only way to speedup an attack, where 
Fail2Ban records ips to slow 'em down.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20191229/ee1416a8/attachment.htm>


More information about the kwlug-disc mailing list