Security Incidents mailing list archives

Re: MASSIVE ssh attack attempt

From: david () PANANIX COM (David A. Bandel)
Date: Thu, 17 Feb 2000 10:38:24 -0500


Aren't those some of the compromised hosts from the DDoS attack?
Apparently, they're still not fixed.

Ciao,

David A. Bandel

--
Focus on the dream, not the competition.
                -- Nemesis Racing Team motto

Robert Lau wrote:


Similar scan here.  They're going through our hosts in alphabetical
order.  Contacting linkline.com.  All times PST.

  YYYYMMDD hhmmss
  20000215 193224 ain.usc.edu sshd[6775]: refused connect from
dsl-cvd-ds11047-2.linkline.com
  20000215 193224 ain.usc.edu sshd[6776]: refused connect from
dsl-cvd-ds11047-2.linkline.com
  20000215 193739 alpha.usc.edu sshd[12224]: refused connect from
dsl-cvd-ds11047-2.linkline.com
  20000215 193739 alpha.usc.edu sshd[12223]: refused connect from
dsl-cvd-ds11047-2.linkline.com
  ...
  20000216 130402 tobor.usc.edu sshd[19308]: refused connect from
dsl-cvd-ds11047-2.linkline.com
  20000216 130402 tobor.usc.edu sshd[19309]: refused connect from
dsl-cvd-ds11047-2.linkline.com
  20000216 130434 topaz.usc.edu sshd[29650]: refused connect from
dsl-cvd-ds11047-2.linkline.com
  20000216 130434 topaz.usc.edu sshd[29651]: refused connect from
dsl-cvd-ds11047-2.linkline.com

Robert Lau
Information Services Division - Core Services
University of Southern California

Current thread:

succesful crack, (continued)
- succesful crack Bob Lockie (Feb 15)
  - Re: succesful crack Gene Harris (Feb 16)
    - Re: succesful crack **read nine (Feb 17)
    - Re: succesful crack R. Gupta (Feb 17)
- Port Scanning (perhaps related to "A very strange port scan") Warren Belfer (Feb 15)
- MASSIVE ssh attack attempt Mark Shirley (Feb 15)
  - Re: MASSIVE ssh attack attempt Omachonu Ogali (Feb 16)
    - Re: MASSIVE ssh attack attempt Jose Nazario (Feb 17)
    - Re: MASSIVE ssh attack attempt Brendan Grieve (Feb 17)
  - Re: MASSIVE ssh attack attempt Robert Lau (Feb 16)
    - Re: MASSIVE ssh attack attempt David A. Bandel (Feb 17)
    - Re: MASSIVE ssh attack attempt Robert Lau (Feb 17)
  - Re: MASSIVE ssh attack attempt Filip M. Gieszczykiewicz (Feb 17)
    - Re: MASSIVE ssh attack attempt Robert Graham (Feb 18)
    - Undernet/telnet attempts? SecOrg (Feb 18)
    - Re: Undernet/telnet attempts? Opus (Feb 21)
    - Re: Undernet/telnet attempts? Jonathan Levy (Feb 21)
    - Re: Undernet/telnet attempts? Tibor, Mike (Feb 22)
    - Re: Undernet/telnet attempts? Brendan Grieve (Feb 22)