I had a nice little win on one of these just now.
One of my managed sites saw 704 attempts in less than 25 minutes (obviously a script), but the address used was a Japanese one with a /26 block allocation and usable admin and tech contact details, which makes it very easy to be real shitty to someone. :)
Mind you, a little nmap scanning comes back with a very interesting opsys:

PORT      STATE   SERVICE
21/tcp    open    ftp
22/tcp    open    ssh
25/tcp    open    smtp
80/tcp    open    http
110/tcp   open    pop3
443/tcp   open    https
1521/tcp  closed  oracle
5432/tcp  closed  postgres
8080/tcp  closed  http-proxy
Device type: general purpose|media device
Running: Linux 2.4.X, Pace embedded
OS details: Linux 2.4.6 - 2.4.21, Pace digital cable TV receiver
Uptime 35.883 days (since Wed Mar 9 11:40:49 2005)

Joshua Bassett wrote:
I was going through my auth.log file the other day and noticed that someone (possibly several machines) are trying to log in to my box using a variety of "canned" usernames. Looks like they're trying to bruteforce their way in...they try maybe 20 usernames per day.
Has anyone else experienced this?
--
Howard.
LANNet Computing Associates - Your Linux people <http://lannet.com.au>
--
When you just want a system that works, you choose Linux;
When you want a system that just works, you choose Microsoft.
--
Flatter government, not fatter government;
Get rid of the Australian states.
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
