Incidents
SSH attacks? Jul 26 2004 10:59PM Robin (robin kallisti net nz) (10 replies)
Re: SSH attacks? Jul 28 2004 04:33AM brandy (brandy klammeraffe org) (2 replies)
Re: SSH attacks? Jul 29 2004 12:22AM Andrew J Caines (A J Caines halplant com) (3 replies)
Re: SSH attacks? Jul 27 2004 09:12PM buzz (reitenba fh-brandenburg de) (2 replies)
Re: SSH attacks? Jul 27 2004 08:46PM Adam Young (adam vbfx com) (1 replies)
Re: SSH attacks? Jul 28 2004 08:19AM Christine Kronberg (Christine_Kronberg genua de) (3 replies)
Re: SSH attacks? Jul 29 2004 09:21AM Pieter-Bas IJdens (pieter-bas ijdens com) (2 replies)

Our block got hit by two in your list on July 24...
61.117.135.98 real.mv.hamers.co.jp
211.184.226.193 korea - pubnet address space
Looks like Linux boxen...anyone else check others?
- Mike
On Wed, 28 Jul 2004, brandy wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi et al,
>
> I found the following on our world wide SLA matrix.
>
> Started: Jul 27 2004 15:18:15 GMT
> Latest: Jul 27 23:00:57 GMT
>
> Number of Scans: 454
>
> Useraccounts tested:
> test,
> guest,
> admin
>
> One of the IP addresses trying is going through lots of nets
>
> Example log:
> Jul 27 15:18:15 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16337]: Illegal
> user test from 218.244.240.195
> Jul 27 15:18:13 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18539]: Illegal
> user test from 218.244.240.195
> Jul 27 15:18:18 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16338]: Illegal
> user guest from 218.244.240.195
> Jul 27 15:18:16 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18540]: Illegal
> user guest from 218.244.240.19
>
> Source IPs:
>
> Cheers,
> -mat-
>
> PS:
> Reality must take precedence over public relations, for Mother Nature
> cannot be fooled.
> -- R.P. Feynman
>
> - --
> - -mat- filid brandy brandy (at) klammeraffe (dot) org MB210-RIPE
> http://www.klammeraffe.org/~brandy/info/
> PGP PUBLIC KEY CODE NUMBER 0B3BCEB7
> Key fingerprint = A338 B65B 6898 772A 91A6 A70C 73E2 26FB 0B3B CEB7
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFBByySc+Im+ws7zrcRAqEEAJ9KsypaeztoI1FAfYfjYG9LggdrZgCggcsL
> NoJhAfA38beZJxhdGJ7bVmU=
> =BDQb
> -----END PGP SIGNATURE-----
>
>
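The pattern in the quoted log (one source trying test, guest and admin against sshd on several hosts within seconds) can be pulled out of a central syslog automatically. The following is an added example, not part of the thread: the sample lines are constructed in the quoted format with RFC 5737 documentation addresses, and the `min_hosts`/`min_users` thresholds are assumptions to tune.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted above (central syslog:
# timestamp, reporting host address, site label, sshd message).
# Addresses are RFC 5737 documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
Jul 27 15:18:13 198.51.100.10 SITE-A /bin/sshd[18539]: Illegal user test from 192.0.2.77
Jul 27 15:18:15 198.51.100.20 SITE-B /bin/sshd[16337]: Illegal user test from 192.0.2.77
Jul 27 15:18:16 198.51.100.10 SITE-A /bin/sshd[18540]: Illegal user guest from 192.0.2.77
Jul 27 15:18:18 198.51.100.20 SITE-B /bin/sshd[16338]: Illegal user guest from 192.0.2.77
Jul 27 15:19:02 198.51.100.20 SITE-B /bin/sshd[16350]: Illegal user admin from ::ffff:192.0.2.77
Jul 27 16:40:51 198.51.100.10 SITE-A /bin/sshd[18702]: Illegal user bob from 203.0.113.5
Jul 27 16:41:00 198.51.100.10 SITE-A /bin/sshd[18703]: Accepted password for alice from 203.0.113.9
"""

# Older OpenSSH logs "Illegal user"; later releases log "Invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) .*?sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?P<src>\S+)"
)

def normalize(addr):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) onto the plain IPv4 form."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def summarize(log_text):
    """Group unknown-user probes by source: attempts, usernames, target hosts."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "hosts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an unknown-user probe
        s = stats[normalize(m["src"])]
        s["attempts"] += 1
        s["users"].add(m["user"])
        s["hosts"].add(m["host"])
    return dict(stats)

def sweepers(stats, min_hosts=2, min_users=2):
    """Sources trying several account names against several hosts."""
    return sorted(src for src, s in stats.items()
                  if len(s["hosts"]) >= min_hosts and len(s["users"]) >= min_users)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src in sweepers(stats):
        s = stats[src]
        print(src, s["attempts"], sorted(s["users"]), sorted(s["hosts"]))
```

Log lines that mail clients have wrapped, as in the quoted message, need to be rejoined before parsing.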