[brlug-general] Hackers
Scott Harney
scotth at scottharney.com
Tue Jul 27 10:33:05 CDT 2004
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I can't see any failed login attempts on my machine. But found this on
> the full disc list
>
> http://seclists.org/lists/fulldisclosure/2004/Jul/1121.html
Thanks for the link. I saw these too:
minorthreat scotth # zcat /var/log/auth.log.*.gz | grep -i illegal
Jul 19 18:38:15 minorthreat sshd[6749]: Illegal user test from ::ffff:131.234.157.10
Jul 19 18:38:16 minorthreat sshd[6749]: Failed password for illegal user test from ::ffff:131.234.157.10 port 39463 ssh2
Jul 19 18:38:18 minorthreat sshd[6751]: Failed password for illegal user guest from ::ffff:131.234.157.10 port 39554 ssh2
Jul 19 18:38:19 minorthreat sshd[6753]: Illegal user admin from ::ffff:131.234.157.10
Jul 19 18:38:19 minorthreat sshd[6753]: Failed password for illegal user admin from ::ffff:131.234.157.10 port 39601 ssh2
Jul 19 18:38:20 minorthreat sshd[6755]: Illegal user admin from ::ffff:131.234.157.10
Jul 19 18:38:20 minorthreat sshd[6755]: Failed password for illegal user admin from ::ffff:131.234.157.10 port 39648 ssh2
Jul 19 18:38:22 minorthreat sshd[6757]: Illegal user user from ::ffff:131.234.157.10
Jul 19 18:38:22 minorthreat sshd[6757]: Failed password for illegal user user from ::ffff:131.234.157.10 port 39697 ssh2
Jul 19 18:38:27 minorthreat sshd[6765]: Illegal user test from ::ffff:131.234.157.10
Jul 19 18:38:27 minorthreat sshd[6765]: Failed password for illegal user test from ::ffff:131.234.157.10 port 39884 ssh2
Jul 13 22:56:34 minorthreat sshd[31992]: Illegal user test from ::ffff:131.234.66.101
Jul 13 22:56:36 minorthreat sshd[31992]: Failed password for illegal user test from ::ffff:131.234.66.101 port 55200 ssh2
Jul 13 22:56:37 minorthreat sshd[31994]: Failed password for illegal user guest from ::ffff:131.234.66.101 port 55235 ssh2
> - --
> Karthik Poobalsubramanian
> karthik at poobal.net
> On Tue, 27 Jul 2004, Kevin Bucknum wrote:
>
>
>>Looks like I've had two attempts on both accounts. All within an hour on Sunday.
>>
>>
>>----- Original Message -----
>>From: Will Lowe <wlowe at cox-internet.com>
>>Date: Tue, 27 Jul 2004 09:58:34 -0500
>>Subject: [brlug-general] Hackers
>>To: Brlug-general <general at brlug.net>
>>
>>
>>
>>Has anybody else had attempts to access their systems via SSH? My site
>>and several other sites that I manage are showing attempts using the
>>guest and test user accounts from many different IP addresses, mostly
>>from southeast Asia (Japan, Korea, etc.).
>>
>>I'm thinking that it is some type of automated attempt. I also wonder if
>>the addresses could be forged.
>>
>>
>>Will Lowe
>>
>>_______________________________________________
>>General mailing list
>>General at brlug.net
>>http://brlug.net/mailman/listinfo/general_brlug.net
>>
>>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQFBBbuwq2REVCUrZC4RAtTdAJ9R6nh/VHaxAFgHMs+dhdqFReH98QCcCprt
> ZTJ+guQVlU/JGXNc0clf/5w=
> =SO2N
> -----END PGP SIGNATURE-----
--
Scott Harney <scotth at scottharney.com>
"Asking the wrong questions is the leading cause of wrong answers"
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
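
Added example (not part of the original message or thread): a per-source summary of the kind of grep output shown above, counting failed logins for nonexistent accounts and listing the names tried. The function names, the sample lines and their documentation-range addresses are constructed; the "invalid user" alternative covers the wording newer OpenSSH releases log in place of "illegal user".

```shell
#!/bin/sh
# Added example, not from the original message.
# Constructed sample in the log format shown above; the host name and the
# RFC 5737 documentation addresses are placeholders.
sample_log() {
cat <<'EOF'
Jul 19 18:38:15 host sshd[6749]: Illegal user test from ::ffff:192.0.2.10
Jul 19 18:38:16 host sshd[6749]: Failed password for illegal user test from ::ffff:192.0.2.10 port 39463 ssh2
Jul 19 18:38:18 host sshd[6751]: Failed password for illegal user guest from ::ffff:192.0.2.10 port 39554 ssh2
Jul 19 18:38:19 host sshd[6753]: Failed password for illegal user admin from ::ffff:192.0.2.10 port 39601 ssh2
Jul 19 18:38:27 host sshd[6765]: Failed password for illegal user test from ::ffff:192.0.2.10 port 39884 ssh2
Jul 19 18:39:01 host sshd[6770]: Failed password for root from ::ffff:192.0.2.10 port 40001 ssh2
Jul 13 22:56:36 host sshd[31992]: Failed password for illegal user test from ::ffff:198.51.100.7 port 55200 ssh2
Jul 13 22:56:37 host sshd[31994]: Failed password for invalid user x from 203.0.113.9 from ::ffff:198.51.100.7 port 55235 ssh2
EOF
}

# Reads auth.log lines on stdin; prints "attempts<TAB>source<TAB>names tried",
# busiest source first. Failures for existing accounts (root above) are skipped.
summarize_illegal_users() {
    awk '
    # Count only the "Failed password" line: sshd also logs "Illegal user ..."
    # for the same attempt, and counting both would double the totals.
    match($0, /sshd\[[0-9]+\]: Failed password for (illegal|invalid) user /) &&
    $(NF-2) == "port" {
        # The user name is chosen by the remote client and may contain
        # " from <addr>", so take the address from the end of the line.
        addr = $(NF-3)
        sub(/^::ffff:/, "", addr)          # unwrap IPv4-mapped IPv6 form
        user = substr($0, RSTART + RLENGTH)
        sub(/ from [^ ]+ port [0-9]+ ssh2$/, "", user)
        count[addr]++
        if (!((addr, user) in seen)) {     # list each name once per source
            seen[addr, user] = 1
            users[addr] = (users[addr] == "" ? "" : users[addr] ",") user
        }
    }
    END { for (a in count) printf "%d\t%s\t%s\n", count[a], a, users[a] }
    ' | sort -rn
}

sample_log | summarize_illegal_users
```

On a real host the input would come from the same pipeline as in the message, e.g. zcat /var/log/auth.log.*.gz | summarize_illegal_users.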