that's true. check this out. Aug 18 01:20:22 suseserver sshd[9076]: Illegal user banks from ::ffff:211.43.207.169 Aug 18 01:20:25 suseserver sshd[9081]: Illegal user bankster from ::ffff:211.43.207.169 Aug 18 01:20:27 suseserver sshd[9089]: Illegal user banner from ::ffff:211.43.207.169 Aug 18 01:20:29 suseserver sshd[9094]: Illegal user banner from ::ffff:211.43.207.169 Aug 18 01:20:31 suseserver sshd[9099]: Illegal user bantuelle from ::ffff:211.43.207.169 Aug 18 01:22:01 suseserver sshd[9320]: Illegal user bastian from ::ffff:211.43.207.169 Aug 18 01:22:28 suseserver sshd[9388]: Illegal user bazannac from ::ffff:211.43.207.169 Aug 18 01:22:42 suseserver sshd[9423]: Illegal user bean from ::ffff:211.43.207.169 Aug 18 01:24:19 suseserver sshd[9657]: Illegal user berkman from ::ffff:211.43.207.169 Aug 18 01:24:55 suseserver sshd[9740]: Illegal user bertrand from ::ffff:211.43.207.169 Aug 18 01:25:01 suseserver sshd[9758]: Illegal user betancourt from ::ffff:211.43.207.169 Aug 18 01:25:05 suseserver sshd[9770]: Illegal user bethany from ::ffff:211.43.207.169 Aug 18 01:25:29 suseserver sshd[9833]: Illegal user biana from ::ffff:211.43.207.169 Aug 18 01:25:31 suseserver sshd[9838]: Illegal user bianca from ::ffff:211.43.207.169 Aug 18 01:25:33 suseserver sshd[9843]: Illegal user bianchi from ::ffff:211.43.207.169 Aug 18 01:25:47 suseserver sshd[9878]: Illegal user bierman from ::ffff:211.43.207.169 Aug 18 01:26:01 suseserver sshd[9913]: Illegal user billeand from ::ffff:211.43.207.169 Aug 18 01:27:26 suseserver sshd[10125]: Illegal user bittany from ::ffff:211.43.207.169 Aug 18 01:27:58 suseserver sshd[10200]: Illegal user blanchard from ::ffff:211.43.207.169 Aug 18 01:28:00 suseserver sshd[10205]: Illegal user blanco from ::ffff:211.43.207.169 Aug 18 01:28:02 suseserver sshd[10210]: Illegal user blandin from ::ffff:211.43.207.169 Aug 18 01:28:04 suseserver sshd[10215]: Illegal user blandon from ::ffff:211.43.207.169 Aug 18 01:28:06 suseserver sshd[10220]: Illegal user blankenship from ::ffff:211.43.207.169 Aug 18 01:28:08 suseserver sshd[10225]: Illegal user blanks from ::ffff:211.43.207.169 Aug 18 01:28:31 suseserver sshd[10283]: Illegal user bmorgan from ::ffff:211.43.207.169 Aug 18 01:29:06 suseserver sshd[10362]: Illegal user bogdan from ::ffff:211.43.207.169
--- Tito Mari Francis Escaño <[EMAIL PROTECTED]> wrote: > This may offend some members of this list, but > recently I personally > encountered this SSH Bruteforce activity, but not > only in my Linux > box, but on my OpenBSD (OBSD) testbox connected to > the net outside the > firewall. > > Before I used this OBSD, I used to have here a > Whitebox Linux so that > our associates can see our test web deployment, and > it was > (sickeningly) very slow to my surprise. I replaced > it with OBSD and > uploaded static HTML pages. Things were OK until the > screen reported > SSH connection request from an IP (211.234.100.76) > using tried > usernames and passwords, which I traced coming from > KIDC-GABIA (a > National Internet Registry) in Seoul, Korea using > whois. > > Anybody who can relate to this incident pls? > > On 8/4/05, Mhac Janapin <[EMAIL PROTECTED]> > wrote: > > On 8/3/05, JC de Villa <[EMAIL PROTECTED]> > wrote: > > > ++-----Original Message----- > > > ++From: [EMAIL PROTECTED] > [mailto:plug- > > > [EMAIL PROTECTED] On Behalf Of Mhac > Janapin > > > ++Sent: Wednesday, August 03, 2005 2:58 PM > > > ++To: The Main Philippine Linux Users' Group > (PLUG) Discussion List > > > ++Subject: [plug] Re: SSH Bruteforce Activity > > > ++ > > > ++323232 is just an exaggeration.. ;) > > > ++Anyways i switched it to 4444. ;) (any script > kiddies out here?) > > > [<-----snip----->] > > > Present! =Þ j/k. > > > > > > > _________________________________________________ > > > Philippine Linux Users' Group (PLUG) Mailing > List > > > [email protected] (#PLUG @ > irc.free.net.ph) > > > Read the Guidelines: http://linux.org.ph/lists > > > Searchable Archives: http://archives.free.net.ph > > > > > > > > > -- > > Mhac Janapin > > PBTS SysAd > > www.pbts.net.ph > > ============= > > http://mulingsilang.blogspot.com > > ============= > > I'm an Open Source Enthusiast. c",) > > Mozilla Firefox 1 - getfirefox.com > > Mozilla Thunderbird 1 - mozilla.org > > OpenOffice.org 1 > > ============= > > _________________________________________________ > > Philippine Linux Users' Group (PLUG) Mailing List > > [email protected] (#PLUG @ irc.free.net.ph) > > Read the Guidelines: http://linux.org.ph/lists > > Searchable Archives: http://archives.free.net.ph > > > > > -- > Tito Mari Francis H. Escaño > Computer Engineer and Free Software Proponent > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > [email protected] (#PLUG @ irc.free.net.ph) > Read the Guidelines: http://linux.org.ph/lists > Searchable Archives: http://archives.free.net.ph > __________________________________ Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
