Security Incidents mailing list archives

Re: SSH attacks?


From: David Block <dave () yucc yorku ca>
Date: Thu, 29 Jul 2004 06:31:42 -0400

On Tue, Jul 27, 2004 at 10:59:07AM +1200, Robin wrote:
[...]
The big ones are going over a large list, the pairs seem to be just 
hitting test and guest:
Jul 26 23:05:59 kallisti sshd[12314]: Illegal user test from ::ffff:64.246.56.44
Jul 26 23:05:59 kallisti sshd[12314]: Failed password for illegal user test from ::ffff:64.246.56.44 port 41920 ssh2
Jul 26 23:06:01 kallisti sshd[12320]: Illegal user guest from ::ffff:64.246.56.44
Jul 26 23:06:01 kallisti sshd[12320]: Failed password for illegal user guest from ::ffff:64.246.56.44 port 41967 ssh2

Does anyone know why this would appear all of a sudden?

I don't know how related this is, but back on April 13th I got something
from 211.12.231.251 trying a wide range of likely user accounts, e.g.,
alias, info, backup, admin, test, test1, test2, support, postgres, adm,
dump, ftp, zxcvbn, and so on.
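
Added example, not part of the original messages: a small Python triage script that groups sshd "Illegal user" lines by source and separates the test/guest pairs from sources walking a longer username list. The 192.0.2.10 log lines, the names PROBE, PAIR, probes_by_source, classify and report, and the LIST_THRESHOLD cut-off are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# "Illegal user" is the wording in the quoted 2004 logs; newer OpenSSH
# releases log "Invalid user", so both are accepted.
PROBE = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\S+)")
PAIR = {"test", "guest"}
LIST_THRESHOLD = 5  # assumed cut-off for "a large list" of usernames

# First four lines are the log quoted in the thread; the 192.0.2.10 lines
# are constructed (documentation address range) for this example.
SAMPLE_LOG = """\
Jul 26 23:05:59 kallisti sshd[12314]: Illegal user test from ::ffff:64.246.56.44
Jul 26 23:05:59 kallisti sshd[12314]: Failed password for illegal user test from ::ffff:64.246.56.44 port 41920 ssh2
Jul 26 23:06:01 kallisti sshd[12320]: Illegal user guest from ::ffff:64.246.56.44
Jul 26 23:06:01 kallisti sshd[12320]: Failed password for illegal user guest from ::ffff:64.246.56.44 port 41967 ssh2
Jul 26 23:10:01 kallisti sshd[12401]: Illegal user alias from ::ffff:192.0.2.10
Jul 26 23:10:03 kallisti sshd[12403]: Illegal user info from ::ffff:192.0.2.10
Jul 26 23:10:05 kallisti sshd[12405]: Illegal user backup from ::ffff:192.0.2.10
Jul 26 23:10:07 kallisti sshd[12407]: Illegal user admin from ::ffff:192.0.2.10
Jul 26 23:10:09 kallisti sshd[12409]: Illegal user postgres from ::ffff:192.0.2.10
Jul 26 23:10:11 kallisti sshd[12411]: Invalid user support from 192.0.2.10 port 50022
"""

def probes_by_source(log_text):
    """Map each source address to the set of nonexistent usernames it tried."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = PROBE.search(line)
        if m:  # "Failed password for illegal user" repeats the same attempt
            user, src = m.groups()
            if src.startswith("::ffff:"):  # unwrap IPv4-mapped IPv6 address
                src = src[len("::ffff:"):]
            seen[src].add(user)
    return dict(seen)

def classify(users):
    """Label a source by the shape of its username guesses."""
    if users <= PAIR:
        return "test/guest pair"
    if len(users) >= LIST_THRESHOLD:
        return "username list"
    return "other"

def report(log_text):
    return {src: (classify(users), sorted(users))
            for src, users in probes_by_source(log_text).items()}

if __name__ == "__main__":
    for src, (label, users) in sorted(report(SAMPLE_LOG).items()):
        print(f"{src:<16} {label:<16} {', '.join(users)}")
```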

 

