Re: SSH attacks?

[brandy <brandy () klammeraffe org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi et al,

I found the following on our world wide SLA matrix.

Started:        Jul 27 2004 15:18:15 GMT
Latest: Jul 27 23:00:57 GMT

Number of Scans: 454

Useraccounts tested:
        test,
        guest,
        admin

One ot the IP address trying is going through lots of nets

Example log:
Jul 27 15:18:15 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16337]: Illegal 
user test from 218.244.240.195
Jul 27 15:18:13 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18539]: Illegal 
user test from 218.244.240.195
Jul 27 15:18:18 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16338]: Illegal 
user guest from 218.244.240.195
Jul 27 15:18:16 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18540]: Illegal 
user guest from 218.244.240.19

Source IPs:
134.21.2.227
195.145.50.98
195.225.129.20
202.154.208.50
202.71.136.123
203.141.151.156
208.14.142.3
208.226.76.251
210.40.224.10
210.92.210.67
211.184.226.193
211.22.117.121
211.222.102.29
211.63.129.131
212.89.103.132
216.55.164.10
218.103.33.212
218.244.240.195
219.103.193.130
219.120.54.178
220.80.108.73
61.109.156.5
61.109.250.92
61.19.194.13
61.193.179.162
61.222.98.114
61.250.212.180
63.166.192.149
64.230.97.170
66.172.158.2
66.250.111.33
66.28.238.195
67.19.66.132
80.242.100.55
80.81.38.77
81.8.206.35
::ffff:80.55.35.10

Cheers,
 -mat-
        -mat-

PS:
Reality must take precedence over public relations, for Mother Nature
cannot be fooled.
                -- R.P. Feynman

- -- 
- -mat- filid brandy   brandy () klammeraffe org   MB210-RIPE
http://www.klammeraffe.org/~brandy/info/
PGP PUBLIC KEY CODE NUMBER 0B3BCEB7
Key fingerprint = A338 B65B 6898 772A 91A6  A70C 73E2 26FB 0B3B CEB7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBByySc+Im+ws7zrcRAqEEAJ9KsypaeztoI1FAfYfjYG9LggdrZgCggcsL
NoJhAfA38beZJxhdGJ7bVmU=
=BDQb
-----END PGP SIGNATURE-----