Educause Security Discussion mailing list archives

dictionary attacks against root


From: dodpears <dodpears () INDIANA EDU>
Date: Sun, 22 Aug 2004 11:53:04 -0500

The following hosts have been observed performing dictionary attacks
against root using ssh.

These two are confirmed as scanning address spaces, hitting thousands of
hosts.

Aug 20 14:09:39  210.205.6.114
Aug 19 10:47:03  64.2.216.179

These have been reported by another party as having failed attempts at
root, but I don't have clear information as to behavior, i.e. one time
attempts versus automated scanning.

Owning networks for the above are:

ASN     | IP               | Name
2828    | 64.2.216.179     | XOXO XO Communications
3786    | 61.41.235.53     | ERX-DACOMNET DACOM Corporation
4134    | 221.224.15.42    | CHINANET-BACKBONE No.31,Jin-ro
4134    | 61.143.64.20     | CHINANET-BACKBONE No.31,Jin-ro
4766    | 210.91.208.103   | KIXS-AS-KR Korea Telecom
4837    | 218.21.129.105   | CHINA169-BACKBONE CNCGROUP IP
8167    | 200.181.121.143  | TELESC - Telecomunicacoes de S
8517    | 193.140.134.6    | ULAKNET ULAKNET-ASN
9304    | 210.0.186.83     | HUTCHISON-AS-AP Hutchison Glob
9318    | 210.205.6.114    | HANARO-AS HANARO Telecom
11556   | 201.224.39.132   | Cable-Wireless Panama
15801   | 212.92.18.31     | MARKETORG Autonomous System
17862   | 210.115.48.148   | KWNU-AS-KR Knagwon National Un
20172   | 65.78.159.59     | SUREW SureWest Broadband
21448   | 193.110.88.247   | CROSSWIRED ===================


Doug Pearson
dodpears () indiana edu
Research and Education Networking ISAC
24x7 Watch Desk: ren-isac () iu edu, +1(317)278-6630

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
