Full Disclosure mailing list archives
Re: Automated SSH login attempts?
From: Alain Crespo <gazpa () euskalnet net>
Date: Thu, 29 Jul 2004 01:45:28 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I also seen since July 22nd, bruteforce login attempts on ftpd (proftpd) from same ip ranges. And like you some attempts in sshd. The difference between them is that for sshd used users are same as yours, but for ftpd they used a usernames dictionary (with hundreds of users, what patience ;) ). Anyone noticed some similar? Jul 22 21:23:06 www0 proftpd[4447]: myhost (61.109.251.191[61.109.251.191]) - USER invaliduserinvalid: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:08 www0 proftpd[4448]: myhost (61.109.251.191[61.109.251.191]) - USER board: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:10 www0 proftpd[4449]: myhost (61.109.251.191[61.109.251.191]) - USER btraining: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:12 www0 proftpd[4451]: myhost (61.109.251.191[61.109.251.191]) - USER distros: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:14 www0 proftpd[4452]: myhost (61.109.251.191[61.109.251.191]) - USER forge4os: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:16 www0 proftpd[4453]: myhost (61.109.251.191[61.109.251.191]) - USER licentia: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:18 www0 proftpd[4454]: myhost (61.109.251.191[61.109.251.191]) - USER linuxnews: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:20 www0 proftpd[4455]: myhost (61.109.251.191[61.109.251.191]) - USER localgforge: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:22 www0 proftpd[4456]: myhost (61.109.251.191[61.109.251.191]) - USER metalist: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:25 www0 proftpd[4457]: myhost (61.109.251.191[61.109.251.191]) - USER myos: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:27 www0 proftpd[4458]: myhost (61.109.251.191[61.109.251.191]) - USER newsadmin: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:29 www0 proftpd[4459]: myhost (61.109.251.191[61.109.251.191]) - USER osgitestbed: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:31 www0 proftpd[4463]: myhost (61.109.251.191[61.109.251.191]) - USER ossnews: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:34 www0 proftpd[4464]: myhost (61.109.251.191[61.109.251.191]) - USER osync: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:36 www0 proftpd[4465]: myhost (61.109.251.191[61.109.251.191]) - USER peerrating: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:38 www0 proftpd[4466]: myhost (61.109.251.191[61.109.251.191]) - USER resolvit: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 Jul 22 21:23:40 www0 proftpd[4467]: myhost (61.109.251.191[61.109.251.191]) - USER siteadmin: no such user found from 61.109.251.191 [61.109.251.191] to 82.130.240.230:21 - -- un saludo, Alain Crespo <gazpa () euskalnet net> _,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_ Why use Windows, since there is a door? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBCDqYP3/+R0rF2wkRAtW3AJ963dd6X7Nf17ZjRV/IDcb3DX4GfQCgjkD4 dbK+EryHfYKhIQDcaYMMiec= =zLQW -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Automated SSH login attempts?, (continued)
- Re: Automated SSH login attempts? Valdis . Kletnieks (Jul 30)
- Re: Automated SSH login attempts? Jan Muenther (Jul 31)
- Re: Automated SSH login attempts? Harry Hoffman (Jul 25)
- Re: Automated SSH login attempts? Andrew Farmer (Jul 25)
- Re: Automated SSH login attempts? Paul Mohr (Jul 25)
- Re: Automated SSH login attempts? Paul Schmehl (Jul 25)
- Re: [VulnDiscuss] Re: Automated SSH login attempts? RBabb (Jul 27)
- Re: [VulnDiscuss] Re: Automated SSH login attempts? Paul Schmehl (Jul 27)
- Re: [VulnDiscuss] Re: Automated SSH login attempts? RBabb (Jul 27)
- Re: Automated SSH login attempts? Andrei Galca-Vasiliu (Jul 25)
- Re: Automated SSH login attempts? Shafik Yaghmour (Jul 26)
- Re: Automated SSH login attempts? Alain Crespo (Jul 28)
- Re: Automated SSH login attempts? syrrus (Jul 25)
- Re: Automated SSH login attempts? Joe Hickory (Jul 27)
- Re: Automated SSH login attempts? Juan Carlos Navea (Jul 29)
- RE: Automated SSH login attempts? Todd Towles (Jul 29)
- Re: Automated SSH login attempts? Ali Campbell (Jul 29)
- Re: Automated SSH login attempts? Andrew Farmer (Jul 29)
- Re: Automated SSH login attempts? Jan Muenther (Jul 30)
- RE: Automated SSH login attempts? Todd Towles (Jul 30)
- Re: Automated SSH login attempts? Stefan Janecek (Jul 30)
- Re: Automated SSH login attempts? Jan Muenther (Jul 31)