[plug] Recent increase in SSL probes
Brad Campbell
brad at fnarfbargle.com
Tue Dec 16 03:20:10 UTC 2014
I use the recent match in iptables to limit each ip address to 3
connections in 10 mins. This slows the logs down, but yeah it has been
relentless for the last week or so. If I had 10 minutes to spare I'd set
up a honeypot to see what they were doing. Last time I did that I
configured a vm with an account backup:backup and it was compromised in
a matter of hours.
On 16/12/14 11:17, Andrew Cooks wrote:
> Hi Brad
>
> Not sure what's going on, but I also noticed the probes on ssh. It was
> annoying enough that I moved ssh to a different port - not so much for
> security, but to stop the constant trickle of spam in my logs and waste
> of my ridiculously low dsl bandwidth.
>
> a.
>
> On Tue, Dec 16, 2014 at 11:07 AM, Brad Campbell <brad at fnarfbargle.com
> <mailto:brad at fnarfbargle.com>> wrote:
>
> G'day all,
>
> In the last couple of days we've seen an exponential increase in
> probes on ssh and new hits on imap. Notable because we've never seen
> the hits on the imap server before :
>
> dovecot: imap-login: Disconnected (no auth attempts in 0 secs):
> user=<>, rip=99.56.220.255, lip=192.168.2.1, TLS handshaking:
> SSL_accept() failed: error:140760FC:SSL
> routines:SSL23_GET_CLIENT___HELLO:unknown protocol,
> session=<K/n1XR0KQwBjONz/>
>
> Anyone else know what is going on ?
>
> _________________________________________________
> PLUG discussion list: plug at plug.org.au <mailto:plug at plug.org.au>
> http://lists.plug.org.au/__mailman/listinfo/plug
> <http://lists.plug.org.au/mailman/listinfo/plug>
> Committee e-mail: committee at plug.org.au <mailto:committee at plug.org.au>
> PLUG Membership: http://www.plug.org.au/__membership
> <http://www.plug.org.au/membership>
>
>
More information about the plug
mailing list