1 November 2011, 21:27

I just found out that one of my NIPS (network intrusion prevention system) reports is pretty clear about the daily top alerts:



For those who forgot to harden their (Open)SSH server even a little, time is running out...

What about that IP address? Well, its reverse DNS record points to http://argi9cure.com/.

Just have a look at it: the CentOS default web page! :( And above all, Apache 2.2.3, most likely obsolete (CentOS does backport security fixes into that version number, so the banner alone does not prove the box is unpatched, but a default page on a forgotten server rarely is).


Quite interesting, what (McAfee) TrustedSource says about it:




So not only are massive SSH login attempts being launched from that server, but its outbound mail volume (as a sender) has also changed drastically, growing by 500%!

Another compromised server being used to spam stealthily, huh?

Furthermore, this IP address has also been reported in DShield's stats:


This once again shows the relevance of IP reputation-based filtering: the volume of failed logins alone flags a noisy brute-forcer, but the reputation verdict is what lets you block a source whose own attempt rate against you stays low.
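As an added example (not code from the original post, and not the author's NIPS or any vendor feed), here is a small Python script that implements the idea: it parses sshd "Failed password" lines, counts attempts per source address, and combines that volume signal with a reputation verdict, so a source on a block list is dropped even when its own attempt count stays below the threshold. The log lines, the block list and its labels are constructed for the example; the TEST-NET addresses are placeholders and are not the address, DShield data or TrustedSource verdicts discussed above.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample auth.log lines (not from the original post). The
# source addresses are RFC 5737 documentation ranges used as placeholders.
SAMPLE_AUTH_LOG = """\
Nov  1 21:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 45012 ssh2
Nov  1 21:01:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 45013 ssh2
Nov  1 21:01:04 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 45014 ssh2
Nov  1 21:01:05 host sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 45015 ssh2
Nov  1 21:01:06 host sshd[1204]: Failed password for invalid user test from 203.0.113.7 port 45016 ssh2
Nov  1 21:02:10 host sshd[1210]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Nov  1 21:02:15 host sshd[1210]: Accepted password for alice from 198.51.100.23 port 51000 ssh2
Nov  1 21:03:00 host sshd[1220]: Failed password for invalid user pi from 192.0.2.44 port 33001 ssh2
Nov  1 21:03:01 host sshd[1220]: Failed password for invalid user pi from 192.0.2.44 port 33002 ssh2
"""

# Constructed stand-in for a reputation feed (a DShield-style block list or
# a TrustedSource-style verdict): network -> label. Not a real feed.
REPUTATION_BLOCKLIST = {
    ip_network("203.0.113.0/24"): "listed: ssh brute force / spam source",
    ip_network("192.0.2.0/24"): "listed: low-and-slow scanner",
}

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_failed_logins(log_text):
    """Return {source_ip: Counter(username -> failures)} for failed-password lines."""
    failures = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group("ip")][m.group("user")] += 1
    return failures


def reputation_of(ip, blocklist=REPUTATION_BLOCKLIST):
    """Return the block-list label whose network covers ip, or None."""
    addr = ip_address(ip)
    for net, label in blocklist.items():
        if addr in net:
            return label
    return None


def classify_sources(log_text, threshold=3, blocklist=REPUTATION_BLOCKLIST):
    """Per source IP: ('block' | 'watch', failure_count, usernames, label).

    Volume alone blocks a noisy brute-forcer; reputation alone blocks a
    listed source even when it stays under the threshold against this host.
    Unlisted sources with a few failures (a user mistyping) are only watched.
    """
    verdicts = {}
    for ip, users in parse_failed_logins(log_text).items():
        total = sum(users.values())
        label = reputation_of(ip, blocklist)
        verdict = "block" if (total >= threshold or label) else "watch"
        verdicts[ip] = (verdict, total, sorted(users), label)
    return verdicts


def drop_rules(verdicts):
    """Render iptables rules dropping SSH from every blocked source."""
    return [
        f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
        for ip, (verdict, _total, _users, _label) in sorted(verdicts.items())
        if verdict == "block"
    ]


if __name__ == "__main__":
    results = classify_sources(SAMPLE_AUTH_LOG)
    for ip, (verdict, total, users, label) in sorted(results.items()):
        print(f"{ip:16} {verdict:5} failures={total} users={users} reputation={label}")
    for rule in drop_rules(results):
        print(rule)
```

In the constructed sample, 203.0.113.7 is blocked on volume and reputation, 192.0.2.44 is blocked on reputation alone despite only two failures, and alice's single typo from an unlisted address is merely watched. Against real data, replace REPUTATION_BLOCKLIST with a parsed feed and feed the rules to the firewall on a short TTL rather than permanently, since listed addresses get cleaned up and reassigned.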

