Re: sequences in the auth.log

From: Nikolaj I. Potanin (nikolaj_at_drweb.ru)
Date: 08/13/04

  • Next message: Mohacsi Janos: "Re: sequences in the auth.log" 
    Date: Fri, 13 Aug 2004 18:12:11 +0400
To: freebsd-security@freebsd.org

    Hello,

    Someone is trying to pick-up a password for these accounts. Restrict
    your ssh service to your trusted networks only.

    > Hi all,
    > I found similar sequences in the
    > /var/auth.log files of freebsd boxes, I supervise.:
    > Aug 13 13:56:08 www sshd[26091]: Illegal user test from 165.21.103.20
    > Aug 13 13:56:11 www sshd[26093]: Illegal user guest from 165.21.103.20
    > Aug 13 13:56:15 www sshd[26096]: Illegal user admin from 165.21.103.20
    > Aug 13 13:56:18 www sshd[26103]: Illegal user admin from 165.21.103.20
    > Aug 13 13:56:21 www sshd[26105]: Illegal user user from 165.21.103.20
    > Aug 13 13:56:25 www sshd[26107]: Failed password for root from
    > 165.21.103.20 port 39678 ssh2
    > Aug 13 13:56:28 www sshd[26109]: Failed password for root from
    > 165.21.103.20 port 39760 ssh2
    > Aug 13 13:56:32 www sshd[26111]: Failed password for root from
    > 165.21.103.20 port 39836 ssh2
    > Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20
    > Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57
    > Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57
    >
    > What are these? 

    -- 
Nikolaj I. Potanin, SA                          http://www.drweb.ru
ID Anti-Virus Lab (SalD Ltd)                    nikolaj@drweb.ru
St. Petersburg, Russia                          ph.: +7-812-3888624
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: Mohacsi Janos: "Re: sequences in the auth.log"