MORE SSH Hacking: heads-up
Res
res at ausics.net
Sat Jul 31 04:29:42 UTC 2004
It's Korean.
Most of us in *.au are seeing shitloads of it, not just ssh but telnet as
well.
On Fri, 30 Jul 2004, jludwig wrote:
> On Fri, 2004-07-30 at 05:45, Brian Fahrlander wrote:
>> From last night's LogWatch:
>> --------------------------------------------------------------------------
>>
>> sshd:
>> Invalid Users:
>> Unknown Account: 7 Time(s)
>> Unknown Entries:
>> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
>> rhost=johnstongrain.com : 2 Time(s)
>> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
>> rhost=smms-mriley09d.chemistry.uq.edu.au : 2 Time(s)
>> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
>> rhost=211.117.191.70 : 1 Time(s)
>> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
>> rhost=216.97.110.1 : 1 Time(s)
>> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
>> rhost=ccia-062-204-197-193.uned.es : 1 Time(s)
>>
>> su:
>> Sessions Opened:
>> brian(uid=500) -> root: 1 Time(s)
>>
>> ------------------------------------------------------------------------
>>
>> Ok, guys- what do we do with this? Should we be writing down the
>> addresses from which these attempts were made? They're probably all
>> 'stooge' addresses, I know, but it might help authorities to know what
>> other machines have been compromised...
>>
>> I'll go save the log somewhere...
>>
>> ------------------------------------------------------------------------
> Search results for: 211.117.191.70
> OrgName: Asia Pacific Network Information Centre
> OrgID: APNIC
> Address: PO Box 2131
> City: Milton
> StateProv: QLD
> PostalCode: 4064
> Country: AU
>
> ReferralServer: whois://whois.apnic.net
>
> NetRange: 210.0.0.0 - 211.255.255.255
> CIDR: 210.0.0.0/7
> NetName: APNIC-CIDR-BLK2
> NetHandle: NET-210-0-0-0-1
> Parent:
> NetType: Allocated to APNIC
> NameServer: NS1.APNIC.NET
> NameServer: NS3.APNIC.NET
> NameServer: NS4.APNIC.NET
> NameServer: NS.RIPE.NET
> NameServer: TINNIE.ARIN.NET
> NameServer: DNS1.TELSTRA.NET
> Comment: This IP address range is not registered in the ARIN database.
> Comment: For details, refer to the APNIC Whois Database via
> Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
> Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
> Comment: for the Asia Pacific region. APNIC does not operate networks
> Comment: using this IP address range and is not able to investigate
> Comment: spam or abuse reports relating to these addresses. For more
> Comment: help, refer to http://www.apnic.net/info/faq/abuse
> Comment:
> RegDate: 1996-07-01
> Updated: 2004-03-30
>
> OrgTechHandle: AWC12-ARIN
> OrgTechName: APNIC Whois Contact
> OrgTechPhone: +61 7 3858 3100
> OrgTechEmail: search-apnic-not-arin at apnic.net
>
> # ARIN WHOIS database, last updated 2004-07-29 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
> --
> jludwig <wralphie at comcast.net>
--
Regards,
Res