Educause Security Discussion mailing list archives
dictionary attacks against root
From: dodpears <dodpears () INDIANA EDU>
Date: Sun, 22 Aug 2004 11:53:04 -0500
The following hosts have been observed performing dictionary attacks against root using ssh. These two are confirmed as scanning address spaces, hitting thousands of hosts. Aug 20 14:09:39 210.205.6.114 Aug 19 10:47:03 64.2.216.179 These have been reported by another party as having failed attempts at root, but I don't have clear information as to behavior, i.e. one time atttempts versus automated scanning. Aug 21 10:19:20 210.115.48.148 Aug 21 20:09:18 65.78.159.59 Aug 21 12:55:13 193.140.134.6 Aug 21 18:57:54 221.224.15.42 Aug 20 08:39:40 212.92.18.31 Aug 20 07:21:30 61.143.64.20 Aug 19 09:43:45 61.41.235.53 Aug 19 12:38:51 201.224.39.132 Aug 16 00:35:51 200.181.121.143 Aug 14 02:44:59 218.21.129.105 Aug 12 22:39:42 210.0.186.83 Aug 11 18:00:58 193.110.88.247 Aug 8 08:07:30 210.91.208.103 Owning networks for the above are: ASN | IP | Name 2828 | 64.2.216.179 | XOXO XO Communications 3786 | 61.41.235.53 | ERX-DACOMNET DACOM Corporation 4134 | 221.224.15.42 | CHINANET-BACKBONE No.31,Jin-ro 4134 | 61.143.64.20 | CHINANET-BACKBONE No.31,Jin-ro 4766 | 210.91.208.103 | KIXS-AS-KR Korea Telecom 4837 | 218.21.129.105 | CHINA169-BACKBONE CNCGROUP IP 8167 | 200.181.121.143 | TELESC - Telecomunicacoes de S 8517 | 193.140.134.6 | ULAKNET ULAKNET-ASN 9304 | 210.0.186.83 | HUTCHISON-AS-AP Hutchison Glob 9318 | 210.205.6.114 | HANARO-AS HANARO Telecom 11556 | 201.224.39.132 | Cable-Wireless Panama 15801 | 212.92.18.31 | MARKETORG Autonomous System 17862 | 210.115.48.148 | KWNU-AS-KR Knagwon National Un 20172 | 65.78.159.59 | SUREW SureWest Broadband 21448 | 193.110.88.247 | CROSSWIRED =================== Doug Pearson dodpears () indiana edu Research and Education Networking ISAC 24x7 Watch Desk: ren-isac () iu edu, +1(317)278-6630 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: dictionary attacks against root Eric Pancer (Aug 21)
- <Possible follow-ups>
- dictionary attacks against root dodpears (Aug 22)
- Re: dictionary attacks against root Dave Monnier (Aug 22)