Re: SSH attacks?

From: brandy (brandy_at_klammeraffe.org)
Date: 07/28/04

    To: incidents@securityfocus.com
    Date: Wed, 28 Jul 2004 06:33:22 +0200
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi et al,

    I found the following on our world wide SLA matrix.

    Started: Jul 27 2004 15:18:15 GMT
    Latest: Jul 27 23:00:57 GMT

    Number of Scans: 454

    Useraccounts tested:
            test,
            guest,
            admin

    One of the IP addresses trying is going through lots of nets

    Example log:
    Jul 27 15:18:15 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16337]: Illegal user test from 218.244.240.195
    Jul 27 15:18:13 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18539]: Illegal user test from 218.244.240.195
    Jul 27 15:18:18 206.24.144.50 IP-EUROPE-BELGIUM-BRU /bin/sshd[16338]: Illegal user guest from 218.244.240.195
    Jul 27 15:18:16 206.24.136.50 IP-EUROPE-SPAIN-MAD /bin/sshd[18540]: Illegal user guest from 218.244.240.19

    Source IPs:

    Cheers,
     -mat-

    PS:
    Reality must take precedence over public relations, for Mother Nature
    cannot be fooled.
                    -- R.P. Feynman

    - --
    - -mat- filid brandy brandy@klammeraffe.org MB210-RIPE
    http://www.klammeraffe.org/~brandy/info/
    PGP PUBLIC KEY CODE NUMBER 0B3BCEB7
    Key fingerprint = A338 B65B 6898 772A 91A6 A70C 73E2 26FB 0B3B CEB7
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFBByySc+Im+ws7zrcRAqEEAJ9KsypaeztoI1FAfYfjYG9LggdrZgCggcsL
    NoJhAfA38beZJxhdGJ7bVmU=
    =BDQb
    -----END PGP SIGNATURE-----
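
Added example, not part of the original post: a small Python summarizer for relayed sshd lines in the format quoted above, grouping "Illegal user" events by source address and flagging sources that hit more than one reporting host. The function names, the two-host threshold and the sample lines (documentation address ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Relayed syslog format as quoted in the post:
# "<Mon> <day> <time> <reporting host> <site tag> /bin/sshd[pid]: Illegal user <name> from <src>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<sensor>\S+) (?P<site>\S+) "
    r"\S*sshd\[\d+\]: Illegal user (?P<user>\S+) from (?P<src>\S+)$"
)

def normalize_src(addr):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4 so one source is not counted twice."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def summarize(lines):
    """Group events by source: {src: {"sensors": set, "users": set, "count": int}}."""
    stats = defaultdict(lambda: {"sensors": set(), "users": set(), "count": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an invalid-user event, or a line cut off in transit
        entry = stats[normalize_src(m["src"])]
        entry["sensors"].add(m["sensor"])
        entry["users"].add(m["user"])
        entry["count"] += 1
    return dict(stats)

def sweeping_sources(stats, min_sensors=2):
    """Sources that failed logins on at least min_sensors distinct reporting hosts."""
    return sorted(s for s, e in stats.items() if len(e["sensors"]) >= min_sensors)

# Constructed sample lines (not real data); the last one is deliberately truncated.
SAMPLE = """\
Jul 27 15:18:13 192.0.2.10 SITE-A /bin/sshd[18539]: Illegal user test from 203.0.113.7
Jul 27 15:18:15 192.0.2.20 SITE-B /bin/sshd[16337]: Illegal user test from 203.0.113.7
Jul 27 15:18:16 192.0.2.10 SITE-A /bin/sshd[18540]: Illegal user guest from ::ffff:203.0.113.7
Jul 27 15:18:18 192.0.2.20 SITE-B /bin/sshd[16338]: Illegal user guest from 203.0.113.7
Jul 27 15:19:02 192.0.2.10 SITE-A /bin/sshd[18551]: Illegal user admin from 198.51.100.4
Jul 27 15:19:05 192.0.2.10 SITE-A /bin/sshd[18552]: Illegal
"""

if __name__ == "__main__":
    stats = summarize(SAMPLE.splitlines())
    for src in sweeping_sources(stats):
        e = stats[src]
        print(f"{src}: {e['count']} attempts, {len(e['sensors'])} hosts, users={sorted(e['users'])}")
```

Lines that were wrapped or cut off in transit do not match the pattern and are skipped, so re-join wrapped log lines before feeding them in.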

