rootkit?

[Alan Cox]

On Mon, Dec 12, 2005 at 02:57:28PM -0500, Chasecreek Systemhouse wrote:
> About three months ago I reported a box I admin'ed was accessed thru
> DDoS on the ssh access port -- the sshd was hit 90,000 times a hour

Standard dictionary attack set I imagine. Some of the worms are also much
smarter and use any unpassworded ssh private keys they can steal to build
a huge key based attack database

> attack, access, and discovery all happened in less than a 5 hour
> period.  The attacker either was a novice or didn't care to cover
> their tracks.

or a robot

> I would say there is a ssh brute force hack floating around that has
> not been documented yet; as such it is all Server admins best
> interests to remain vigilant.

What kernel was that box running ?