Help, fellow Filipinos!

Hacker alert!
I installed PortSentry and got the following message in my e-mail.
What is this guy trying to do?
Anything I can do?

Many thanks
-Edwin Casimero-


> 
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been 
>blocked via wrappers with string: "ALL: 154.5.110.252"
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been 
>blocked via dropped route using command: "/sbin/route add -host 154.5.110.252 gw 
>127.0.0.1"
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already 
>blocked. Ignoring
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already 
>blocked. Ignoring
> 
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Jul 30 18:46:03 fil-web PAM_pwdb[23437]: authentication failure; (uid=0) -> root for 
>sshd service
> Jul 30 18:46:03 fil-web sshd[23437]: Failed password for ROOT from 202.57.120.151 
>port 1430
> Jul 30 21:49:50 fil-web PAM_pwdb[24274]: authentication failure; (uid=0) -> fil-org 
>for sshd service
> Jul 30 21:49:50 fil-web sshd[24274]: Failed password for fil-org from 202.57.120.151 
>port 1040 ssh2
> Jul 30 21:49:52 fil-web sshd[24274]: Disconnecting: Too many authentication failures 
>for fil-org
> Jul 30 21:49:52 fil-web PAM_pwdb[24274]: 6 more authentication failures; (uid=0) -> 
>fil-org for sshd service
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been 
>blocked via wrappers with string: "ALL: 154.5.110.252"
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been 
>blocked via dropped route using command: "/sbin/route add -host 154.5.110.252 gw 
>127.0.0.1"
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already 
>blocked. Ignoring
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already 
>blocked. Ignoring
> 
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Jul 30 18:25:41 fil-web sshd[23229]: Accepted password for ROOT from 202.57.120.151 
>port 1428
> Jul 30 18:46:03 fil-web PAM_pwdb[23437]: authentication failure; (uid=0) -> root for 
>sshd service
> Jul 30 18:46:03 fil-web sshd[23437]: Failed password for ROOT from 202.57.120.151 
>port 1430

> Jul 30 18:46:08 fil-web sshd[23437]: Accepted password for ROOT from 202.57.120.151 
>port 1430
> Jul 30 21:49:50 fil-web PAM_pwdb[24274]: authentication failure; (uid=0) -> fil-org 
>for sshd service
> Jul 30 21:49:50 fil-web sshd[24274]: Failed password for fil-org from 202.57.120.151 
>port 1040 ssh2
> Jul 30 21:49:52 fil-web last message repeated 6 times
> Jul 30 21:49:52 fil-web sshd[24274]: Disconnecting: Too many authentication failures 
>for fil-org
> Jul 30 21:49:52 fil-web PAM_pwdb[24274]: 6 more authentication failures; (uid=0) -> 
>fil-org for sshd service
> Jul 30 21:49:52 fil-web PAM_pwdb[24274]: service(sshd) ignoring max retries; 7 > 3
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been 
>blocked via wrappers with string: "ALL: 154.5.110.252"
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been 
>blocked via dropped route using command: "/sbin/route add -host 154.5.110.252 gw 
>127.0.0.1"
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already 
>blocked. Ignoring
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: 
>ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already 
>blocked. Ignoring
> Jul 31 16:02:01 fil-web anacron[27338]: Updated timestamp for job `cron.daily' to 
>2001-07-31
> 
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph