I discovered one of my machines was under an ssh DDOS attack when I was looking at logs to find out why my disk was slow. The auth log was about 90M, which is kind of unusual for this machine.
I ran an nmap against one of the IPs (nmap -P0 ).
Once I ran the nmap, the attack stopped from all the IPs. Now there is just silence.
Has anyone seen this happen before? If so, what was the cause?
N.B. This machine is used for testing, and gets rebuilt a lot. It's running Ubuntu 20.04
http://dlvr.it/S00rMy
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment