As mentioned in my Tweet post, the 16 Jun, our HoneyNet has reveal increasing SSH Brute Force Attempts. These scans have been confirmed by Internet Storm Center (ISC), the 18 Jun from other sources. These scans made me remember last year and the incredible SSH 0Day rumor, and also the Zero For Owneds, Summer of Hax, also knows as ZF05. Maybe another try to own security experts infrastructures before DefCon & BlackHat ?
We have a clear difference with ISC alert around the increasing SSH Brute Force Attempts. On our HoneyNet all the source IP addresses have only focus on the root user and really try to password brute force the root account.
You follow the SSH Brute Force Attempts in our Use Case SUC015 with real time life data’s.