Re: MORE SSH Hacking: heads-up

It's Korean.

Most of us in *.au are seeing shitloads of it, not just ssh but telnet as well


On Fri, 30 Jul 2004, jludwig wrote:

On Fri, 2004-07-30 at 05:45, Brian Fahrlander wrote:
    From last night's LogWatch:
--------------------------------------------------------------------------

sshd:
   Invalid Users:
      Unknown Account: 7 Time(s)
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=johnstongrain.com  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=smms-mriley09d.chemistry.uq.edu.au  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.117.191.70  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.97.110.1  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ccia-062-204-197-193.uned.es  : 1 Time(s)

su:
   Sessions Opened:
      brian(uid=500) -> root: 1 Time(s)

------------------------------------------------------------------------

    Ok, guys- what do we do with this?  Should we be writing down the
addresses from which these attempts were made? They're probably all
'stooge' addresses, I know, but it might help authorities to know what
other machines have been compromised...

    I'll go save the log somewhere...

------------------------------------------------------------------------
Search results for: 211.117.191.70
       OrgName:    Asia Pacific Network Information Centre
       OrgID:      APNIC
       Address:    PO Box 2131
       City:       Milton
       StateProv:  QLD
       PostalCode: 4064
       Country:    AU

       ReferralServer: whois://whois.apnic.net

       NetRange:   210.0.0.0 - 211.255.255.255
       CIDR:       210.0.0.0/7
       NetName:    APNIC-CIDR-BLK2
       NetHandle:  NET-210-0-0-0-1
       Parent:
       NetType:    Allocated to APNIC
       NameServer: NS1.APNIC.NET
       NameServer: NS3.APNIC.NET
       NameServer: NS4.APNIC.NET
       NameServer: NS.RIPE.NET
       NameServer: TINNIE.ARIN.NET
       NameServer: DNS1.TELSTRA.NET
       Comment:    This IP address range is not registered in the ARIN database.
       Comment:    For details, refer to the APNIC Whois Database via
       Comment:    WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
       Comment:    ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
       Comment:    for the Asia Pacific region. APNIC does not operate networks
       Comment:    using this IP address range and is not able to investigate
       Comment:    spam or abuse reports relating to these addresses. For more
       Comment:    help, refer to http://www.apnic.net/info/faq/abuse
       Comment:
       RegDate:    1996-07-01
       Updated:    2004-03-30

       OrgTechHandle: AWC12-ARIN
       OrgTechName:   APNIC Whois Contact
       OrgTechPhone:  +61 7 3858 3100
       OrgTechEmail:  search-apnic-not-arin@xxxxxxxxx

       # ARIN WHOIS database, last updated 2004-07-29 19:10
       # Enter ? for additional hints on searching ARIN's WHOIS database.

--
jludwig <wralphie@xxxxxxxxxxx>




-- Regards, Res
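
An added example, not part of the original thread: one way to turn the sshd "authentication failure" entries of a LogWatch report like the one quoted above into a per-source tally that can be saved with the log. The sample report is constructed (documentation addresses and an example.com host), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the LogWatch layout quoted in the thread, including
# the mail-wrapped form where "rhost=" lands on the following line.
SAMPLE = """\
sshd:
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=host-a.example.com  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.70  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=192.0.2.70  : 3 Time(s)
su:
   Sessions Opened:
      brian(uid=500) -> root: 1 Time(s)
"""

# Only ssh entries (tty=NODEVssh); \s+ lets "ruser=" and "rhost=" sit on
# the same line or be split by a line wrap.
ENTRY = re.compile(
    r"authentication failure;[^\n]*?tty=NODEVssh[^\n]*?ruser=\S*\s+"
    r"rhost=(?P<rhost>\S+)\s*:\s*(?P<count>\d+)\s+Time\(s\)"
)

def failures_by_rhost(report):
    """Sum sshd authentication-failure counts per remote host."""
    totals = Counter()
    for m in ENTRY.finditer(report):
        totals[m.group("rhost").lower()] += int(m.group("count"))
    return totals

def is_ip(rhost):
    try:
        ipaddress.ip_address(rhost)
        return True
    except ValueError:
        return False

def evidence_rows(report):
    """Rows worth saving: (rhost, kind, failures), busiest source first."""
    rows = [(h, "ip" if is_ip(h) else "hostname", n)
            for h, n in failures_by_rhost(report).items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for rhost, kind, n in evidence_rows(SAMPLE):
        print(f"{n:3d}  {kind:8s}  {rhost}")
```

Rows marked `hostname` carry a name rather than an address, so resolve and record the address at the time the report is saved, since the name alone may later point elsewhere.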


