Security Incidents mailing list archives
Re: SSH attacks?
From: "Brian C. Lane" <bcl () brianlane com>
Date: Thu, 29 Jul 2004 15:12:31 -0700
On Wed, Jul 28, 2004 at 08:22:24PM -0400, Andrew J Caines wrote:
FWIW, here's what I've seen on my single IP cable connection: Jul 17 04:54:46 test 129.194.21.5 Jul 17 04:54:47 guest 129.194.21.5 Jul 22 04:38:49 test 61.237.13.234 Jul 22 04:38:52 guest 61.237.13.234 Jul 23 10:55:46 test 61.109.156.5 Jul 23 10:55:49 guest 61.109.156.5 Jul 24 19:40:48 test 202.6.75.195 Jul 24 19:40:50 guest 202.6.75.195 Jul 24 20:24:31 test 69.0.134.72 Jul 24 20:24:31 guest 69.0.134.72 Jul 24 20:24:32 admin 69.0.134.72 Jul 24 20:24:33 admin 69.0.134.72 Jul 24 20:24:34 user 69.0.134.72 Jul 24 20:24:37 test 69.0.134.72 Jul 25 02:51:10 test 211.202.3.148 Jul 25 02:51:12 guest 211.202.3.148 Jul 25 16:30:34 test 219.234.216.150 Jul 25 16:30:37 guest 219.234.216.150 Jul 27 16:12:08 test 210.92.210.67 Jul 27 16:12:10 guest 210.92.210.67 Jul 28 11:52:43 test 65.61.98.16 Jul 28 11:52:45 guest 65.61.98.16
Here's my list from the last week or so. 130.15.15.239 140.130.211.13 200.217.168.82 202.141.1.28 204.17.205.2 207.172.87.38 207.44.154.9 207.44.192.71 210.212.218.35 210.92.210.67 218.237.66.152 24.113.79.8 61.107.176.163 62.100.21.188 62.117.99.83 62.129.173.135 62.183.28.116 62.67.45.4 65.102.152.64 Generated with: grep sshd messages* | grep Illegal | awk '{print $10}' | sort -u The 'NOUSER' error is normal, not something odd as I previously suspected. It happens for any unknown user that tries to log in. I haven't checked any of the scanners to see if they have been cracked. If anyone else has, do they have insecure test/guest account on them? test and guest are not standard account on any current Linux distribution that I am aware of. Brian -- ---[Office 77.7F]--[Fridge 42.4F]---[Fozzy 98.6F]--[Coaster 77.8F]--- Linux Software Developer http://www.brianlane.com
Attachment:
_bin
Description:
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Thomas Hochstein (Jul 30)
- Re: SSH attacks? Matt Beland (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Jason Falciola (Jul 27)
- Re: SSH attacks? Paul Schmehl (Jul 27)
- Re: SSH attacks? brandy (Jul 28)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Marcus Merrin (Jul 29)
- Re: SSH attacks? Robin (Jul 30)
- RE: SSH attacks? Herman Frederick Ebeling Jr. (Jul 30)
- Re: SSH attacks? Brian C. Lane (Jul 30)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Mike Whitley (Jul 29)
- Re: SSH attacks? David Block (Jul 29)
- Re: SSH attacks? Bulgaro (Jul 29)
- Re: SSH attacks? John Bossert (Jul 30)
- RE: SSH attacks? M Shirk (Jul 30)
- Re: SSH attacks? Valdis . Kletnieks (Jul 31)
- Re: SSH attacks? Skip Carter (Jul 30)
- Re: SSH attacks? Alexander Klimov (Jul 31)