On Tue, Jul 31, 2001 at 04:50:34PM +0800, louiemiranda wrote:
> he scanned u and trying to get in on your ssh daemon. :)
Take a closer look. There are two distinct incidents in his logs,
originating from two completely unrelated IP addresses (PSInet Canada
and PLDT ADSL). The canadian script kiddie was trying to see if he
had an open proxy to use (which of course fails because our friend is
not even running a proxy...portsentry picked it up of course and
tossed the poor idiot into the can). The philippine one was
attempting to perform a password guessing attack on the ssh daemon.
They're even a couple of hours apart.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d- s:- a- C++++ UL+++ P+++ L+++ E++ W++ N+ o K- w---
O- M-- V- PS+ PE Y+ PGP++ t+ 5 X+ R tv+ b+++ DI++ D+
G e++ h! r++ y+
------END GEEK CODE BLOCK------
PGP signature
