Security Incidents mailing list archives
Re: SSH attacks?
From: David Block <dave () yucc yorku ca>
Date: Thu, 29 Jul 2004 06:31:42 -0400
On Tue, Jul 27, 2004 at 10:59:07AM +1200, Robin wrote: [...]
The big ones are going over a large list, the pairs seem to be just hitting test and guest: Jul 26 23:05:59 kallisti sshd[12314]: Illegal user test from ::ffff:64.246.56.44 Jul 26 23:05:59 kallisti sshd[12314]: Failed password for illegal user test from ::ffff:64.246.56.44 port 41920 ssh2 Jul 26 23:06:01 kallisti sshd[12320]: Illegal user guest from ::ffff:64.246.56.44 Jul 26 23:06:01 kallisti sshd[12320]: Failed password for illegal user guest from ::ffff:64.246.56.44 port 41967 ssh2 Does anyone know why this would appear all of a sudden?
I don't know how related this is, but back on April 13th I got something from 211.12.231.251 trying a wide range of likely user accounts, e.g., alias, info, backup, admin, test, test1, test2, support, postgres, adm, dump, ftp, zxcvbn, and so on.
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Jason Falciola (Jul 27)
- Re: SSH attacks? Paul Schmehl (Jul 27)
- Re: SSH attacks? brandy (Jul 28)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Marcus Merrin (Jul 29)
- Re: SSH attacks? Robin (Jul 30)
- RE: SSH attacks? Herman Frederick Ebeling Jr. (Jul 30)
- Re: SSH attacks? Brian C. Lane (Jul 30)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Mike Whitley (Jul 29)
- Re: SSH attacks? David Block (Jul 29)
- Re: SSH attacks? Bulgaro (Jul 29)
- Re: SSH attacks? John Bossert (Jul 30)
- RE: SSH attacks? M Shirk (Jul 30)
- Re: SSH attacks? Valdis . Kletnieks (Jul 31)
- Re: SSH attacks? Skip Carter (Jul 30)
- Re: SSH attacks? Alexander Klimov (Jul 31)