Security Incidents mailing list archives
Re: SSH attacks?
From: brandy <brandy () klammeraffe org>
Date: Wed, 28 Jul 2004 06:33:22 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi et al, I found the following on our world wide SLA matrix. Started: Jul 27 2004 15:18:15 GMT Latest: Jul 27 23:00:57 GMT Number of Scans: 454 Useraccounts tested: test, guest, admin One ot the IP address trying is going through lots of nets Example log: Jul 27 15:18:15 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16337]: Illegal user test from 218.244.240.195 Jul 27 15:18:13 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18539]: Illegal user test from 218.244.240.195 Jul 27 15:18:18 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16338]: Illegal user guest from 218.244.240.195 Jul 27 15:18:16 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18540]: Illegal user guest from 218.244.240.19 Source IPs: 134.21.2.227 195.145.50.98 195.225.129.20 202.154.208.50 202.71.136.123 203.141.151.156 208.14.142.3 208.226.76.251 210.40.224.10 210.92.210.67 211.184.226.193 211.22.117.121 211.222.102.29 211.63.129.131 212.89.103.132 216.55.164.10 218.103.33.212 218.244.240.195 219.103.193.130 219.120.54.178 220.80.108.73 61.109.156.5 61.109.250.92 61.19.194.13 61.193.179.162 61.222.98.114 61.250.212.180 63.166.192.149 64.230.97.170 66.172.158.2 66.250.111.33 66.28.238.195 67.19.66.132 80.242.100.55 80.81.38.77 81.8.206.35 ::ffff:80.55.35.10 Cheers, -mat- -mat- PS: Reality must take precedence over public relations, for Mother Nature cannot be fooled. -- R.P. Feynman - -- - -mat- filid brandy brandy () klammeraffe org MB210-RIPE http://www.klammeraffe.org/~brandy/info/ PGP PUBLIC KEY CODE NUMBER 0B3BCEB7 Key fingerprint = A338 B65B 6898 772A 91A6 A70C 73E2 26FB 0B3B CEB7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBByySc+Im+ws7zrcRAqEEAJ9KsypaeztoI1FAfYfjYG9LggdrZgCggcsL NoJhAfA38beZJxhdGJ7bVmU= =BDQb -----END PGP SIGNATURE-----
Current thread:
- Re: SSH attacks?, (continued)
- Re: SSH attacks? Tom Laermans (Jul 27)
- Re: SSH attacks? buzz (Jul 27)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Chris Brenton (Jul 29)
- Re: SSH attacks? Valdis . Kletnieks (Jul 30)
- Re: SSH attacks? Thomas Hochstein (Jul 30)
- Re: SSH attacks? Matt Beland (Jul 30)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Jyri Hovila (Jul 29)
- Re: SSH attacks? Jason Falciola (Jul 27)
- Re: SSH attacks? Paul Schmehl (Jul 27)
- Re: SSH attacks? brandy (Jul 28)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Marcus Merrin (Jul 29)
- Re: SSH attacks? Robin (Jul 30)
- RE: SSH attacks? Herman Frederick Ebeling Jr. (Jul 30)
- Re: SSH attacks? Brian C. Lane (Jul 30)
- Re: SSH attacks? Andrew J Caines (Jul 29)
- Re: SSH attacks? Mike Whitley (Jul 29)
- Re: SSH attacks? David Block (Jul 29)
- Re: SSH attacks? Bulgaro (Jul 29)
- Re: SSH attacks? John Bossert (Jul 30)
- RE: SSH attacks? M Shirk (Jul 30)