MORE SSH Hacking: heads-up
Brian Fahrlander
brian at fahrlander.net
Fri Jul 30 09:45:22 UTC 2004
From last night's LogWatch:
--------------------------------------------------------------------------
sshd:
Invalid Users:
Unknown Account: 7 Time(s)
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=johnstongrain.com : 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=smms-mriley09d.chemistry.uq.edu.au : 2 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=211.117.191.70 : 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=216.97.110.1 : 1 Time(s)
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=ccia-062-204-197-193.uned.es : 1 Time(s)
su:
Sessions Opened:
brian(uid=500) -> root: 1 Time(s)
------------------------------------------------------------------------
Ok, guys- what do we do with this? Should we be writing down the
addresses from which these attempts were made? They're probably all
'stooge' addresses, I know, but it might help authorities to know what
other machines have been compromised...
I'll go save the log somewhere...
------------------------------------------------------------------------
--
------------------------------------------------------------------------
Brian Fahrländer Christian, Conservative, and Technomad
Evansville, IN http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040730/f5952472/attachment-0001.sig>
More information about the fedora-list
mailing list