> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I can't see any failed login attempts on my machine. But found this on > the full disc list > > http://seclists.org/lists/fulldisclosure/2004/Jul/1121.html
Thanks for the link. I saw these too minorthreat scotth # zcat /var/log/auth.log.*.gz | grep -i illegal Jul 19 18:38:15 minorthreat sshd[6749]: Illegal user test from ::ffff:131.234.157.10 Jul 19 18:38:16 minorthreat sshd[6749]: Failed password for illegal user test from ::ffff:131.234.157.10 port 39463 ssh2 Jul 19 18:38:18 minorthreat sshd[6751]: Failed password for illegal user guest from ::ffff:131.234.157.10 port 39554 ssh2 Jul 19 18:38:19 minorthreat sshd[6753]: Illegal user admin from ::ffff:131.234.157.10 Jul 19 18:38:19 minorthreat sshd[6753]: Failed password for illegal user admin from ::ffff:131.234.157.10 port 39601 ssh2 Jul 19 18:38:20 minorthreat sshd[6755]: Illegal user admin from ::ffff:131.234.157.10 Jul 19 18:38:20 minorthreat sshd[6755]: Failed password for illegal user admin from ::ffff:131.234.157.10 port 39648 ssh2 Jul 19 18:38:22 minorthreat sshd[6757]: Illegal user user from ::ffff:131.234.157.10 Jul 19 18:38:22 minorthreat sshd[6757]: Failed password for illegal user user from ::ffff:131.234.157.10 port 39697 ssh2 Jul 19 18:38:27 minorthreat sshd[6765]: Illegal user test from ::ffff:131.234.157.10 Jul 19 18:38:27 minorthreat sshd[6765]: Failed password for illegal user test from ::ffff:131.234.157.10 port 39884 ssh2 Jul 13 22:56:34 minorthreat sshd[31992]: Illegal user test from ::ffff:131.234.66.101 Jul 13 22:56:36 minorthreat sshd[31992]: Failed password for illegal user test from ::ffff:131.234.66.101 port 55200 ssh2 Jul 13 22:56:37 minorthreat sshd[31994]: Failed password for illegal user guest from ::ffff:131.234.66.101 port 55235 ssh2 > - -- > Karthik Poobalsubramanian > [EMAIL PROTECTED] > On Tue, 27 Jul 2004, Kevin Bucknum wrote: > > >>Looks like I've had two attempts on both accounts. All within a hour on >>Sunday. >> >> >>----- Original Message ----- >>From: Will Lowe <[EMAIL PROTECTED]> >>Date: Tue, 27 Jul 2004 09:58:34 -0500 >>Subject: [brlug-general] Hackers >>To: Brlug-general <[email protected]> >> >> >> >>Has anybody else had attempts to access their systems via SSH? My site >>and several other site that I manage are showing attempts using the >>guest and test user accounts from many different IP addresses mostly >>from southeast Asia (Japan, Korea, etc) >> >>I'm think that it is some type of automated attempt. I also wonder if >>the addresses could be forged. >> >> >>Will Lowe >> >>_______________________________________________ >>General mailing list >>[email protected] >>http://brlug.net/mailman/listinfo/general_brlug.net >> >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.3 (GNU/Linux) > > iD8DBQFBBbuwq2REVCUrZC4RAtTdAJ9R6nh/VHaxAFgHMs+dhdqFReH98QCcCprt > ZTJ+guQVlU/JGXNc0clf/5w= > =SO2N > -----END PGP SIGNATURE----- > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > -- Scott Harney <[EMAIL PROTECTED]> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
