He scanned you and is trying to get in on your ssh daemon. :)
louiemiranda
------------------------------------
(axishift.ath.cx)
----- Original Message -----
From: "Edwin Casimero" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 31, 2001 4:14 PM
Subject: [plug] Pinoy Admins - help: ACTIVE SYSTEM ATTACK!
> Help, fellow Filipinos!
>
> Hacker alert!
> I installed port sentry and got the following message in my e-mail.
> What is this guy trying to do?
> Anything I can do?
>
> Many thanks
> -Edwin Casimero-
>
>
> >
> > Active System Attack Alerts
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been blocked via wrappers with string: "ALL: 154.5.110.252"
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been blocked via dropped route using command: "/sbin/route add -host 154.5.110.252 gw 127.0.0.1"
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already blocked. Ignoring
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already blocked. Ignoring
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Jul 30 18:46:03 fil-web PAM_pwdb[23437]: authentication failure; (uid=0) -> root for sshd service
> > Jul 30 18:46:03 fil-web sshd[23437]: Failed password for ROOT from 202.57.120.151 port 1430
> > Jul 30 21:49:50 fil-web PAM_pwdb[24274]: authentication failure; (uid=0) -> fil-org for sshd service
> > Jul 30 21:49:50 fil-web sshd[24274]: Failed password for fil-org from 202.57.120.151 port 1040 ssh2
> > Jul 30 21:49:52 fil-web sshd[24274]: Disconnecting: Too many authentication failures for fil-org
> > Jul 30 21:49:52 fil-web PAM_pwdb[24274]: 6 more authentication failures; (uid=0) -> fil-org for sshd service
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been blocked via wrappers with string: "ALL: 154.5.110.252"
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been blocked via dropped route using command: "/sbin/route add -host 154.5.110.252 gw 127.0.0.1"
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already blocked. Ignoring
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already blocked. Ignoring
> >
> > Unusual System Events
> > =-=-=-=-=-=-=-=-=-=-=
> > Jul 30 18:25:41 fil-web sshd[23229]: Accepted password for ROOT from 202.57.120.151 port 1428
> > Jul 30 18:46:03 fil-web PAM_pwdb[23437]: authentication failure; (uid=0) -> root for sshd service
> > Jul 30 18:46:03 fil-web sshd[23437]: Failed password for ROOT from 202.57.120.151 port 1430
> > Jul 30 18:46:08 fil-web sshd[23437]: Accepted password for ROOT from 202.57.120.151 port 1430
> > Jul 30 21:49:50 fil-web PAM_pwdb[24274]: authentication failure; (uid=0) -> fil-org for sshd service
> > Jul 30 21:49:50 fil-web sshd[24274]: Failed password for fil-org from 202.57.120.151 port 1040 ssh2
> > Jul 30 21:49:52 fil-web last message repeated 6 times
> > Jul 30 21:49:52 fil-web sshd[24274]: Disconnecting: Too many authentication failures for fil-org
> > Jul 30 21:49:52 fil-web PAM_pwdb[24274]: 6 more authentication failures; (uid=0) -> fil-org for sshd service
> > Jul 30 21:49:52 fil-web PAM_pwdb[24274]: service(sshd) ignoring max retries; 7 > 3
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been blocked via wrappers with string: "ALL: 154.5.110.252"
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host 154.5.110.252 has been blocked via dropped route using command: "/sbin/route add -host 154.5.110.252 gw 127.0.0.1"
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already blocked. Ignoring
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Connect from host: ip252.kitchener3.dialup.canada.psi.net/154.5.110.252 to TCP port: 1080
> > Jul 30 23:55:38 fil-web portsentry[866]: attackalert: Host: 154.5.110.252 is already blocked. Ignoring
> > Jul 31 16:02:01 fil-web anacron[27338]: Updated timestamp for job `cron.daily' to 2001-07-31
> >
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
>
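An added example, not part of the original thread: a small triage script that groups the kind of sshd and portsentry lines quoted above by source address and lists the addresses that show both failed and accepted password logins, which are the ones to confirm with the account owner. The sample lines are constructed (documentation addresses and a hypothetical host and user name), and `triage` and `needs_review` are names chosen for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same syslog formats as the report above
# (addresses are documentation ranges, not the hosts from the thread).
SAMPLE = """\
Jul 30 18:25:41 web sshd[101]: Accepted password for ROOT from 192.0.2.10 port 1428
Jul 30 18:46:03 web sshd[102]: Failed password for ROOT from 192.0.2.10 port 1430
Jul 30 18:46:08 web sshd[102]: Accepted password for ROOT from 192.0.2.10 port 1430
Jul 30 21:49:50 web sshd[103]: Failed password for webuser from 192.0.2.10 port 1040 ssh2
Jul 30 21:49:52 web last message repeated 6 times
Jul 30 23:55:38 web portsentry[866]: attackalert: Connect from host: dial.example.net/198.51.100.7 to TCP port: 1080
Jul 30 23:55:38 web portsentry[866]: attackalert: Host: 198.51.100.7 is already blocked. Ignoring
"""

SSH = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+")
PROBE = re.compile(r"portsentry\[\d+\]: attackalert: Connect from host: \S*?/(\S+) to TCP port: (\d+)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def triage(text):
    """Group events by source address: probed ports, failed and accepted SSH logins."""
    hosts = defaultdict(lambda: {"probed_ports": set(), "failed": 0, "accepted": []})
    last = None  # source of the previous failed login, for syslog "repeated N times"
    for line in text.splitlines():
        if (m := SSH.search(line)):
            result, user, ip = m.groups()
            if result == "Failed":
                hosts[ip]["failed"] += 1
                last = ip
            else:
                hosts[ip]["accepted"].append(user)
                last = None
        elif (m := PROBE.search(line)):
            hosts[m.group(1)]["probed_ports"].add(int(m.group(2)))
            last = None
        elif (m := REPEAT.search(line)) and last:
            # Simplification: credit the repeats to the preceding failed login.
            hosts[last]["failed"] += int(m.group(1))
    return dict(hosts)

def needs_review(hosts):
    """Addresses with both failed and accepted logins, sorted."""
    return sorted(ip for ip, h in hosts.items() if h["failed"] and h["accepted"])

if __name__ == "__main__":
    summary = triage(SAMPLE)
    for ip, h in summary.items():
        print(ip, h)
    print("review:", needs_review(summary))
```
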