MORE SSH Hacking: heads-up

Brian Fahrlander brian at fahrlander.net
Fri Jul 30 09:45:22 UTC 2004


    From last night's LogWatch:
--------------------------------------------------------------------------

sshd:
   Invalid Users:
      Unknown Account: 7 Time(s)
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=johnstongrain.com  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=smms-mriley09d.chemistry.uq.edu.au  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.117.191.70  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.97.110.1  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ccia-062-204-197-193.uned.es  : 1 Time(s)

su:
   Sessions Opened:
      brian(uid=500) -> root: 1 Time(s)

------------------------------------------------------------------------

    Ok, guys- what do we do with this?  Should we be writing down the
addresses from which these attempts were made? They're probably all
'stooge' addresses, I know, but it might help authorities to know what
other machines have been compromised...

    I'll go save the log somewhere...

------------------------------------------------------------------------


-- 
------------------------------------------------------------------------
Brian Fahrländer                  Christian, Conservative, and Technomad
Evansville, IN                                 http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
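
Added example, not part of the original post: one way to turn the sshd "Unknown Entries" section of a saved LogWatch report into per-source records that can be kept alongside the log. The function names, the row layout and the sample report (which uses reserved documentation hosts and addresses) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the LogWatch layout quoted above, including the
# mail-wrapped "ruser=" / "rhost=" line break and one empty rhost.
SAMPLE = """\
sshd:
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=host-a.example.net  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=192.0.2.70  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.70  : 3 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=  : 1 Time(s)
su:
   Sessions Opened:
      brian(uid=500) -> root: 1 Time(s)
"""

# [^;] also matches newlines, so wrapped entries parse, but a match can
# never run on into the next entry (each entry contains its own ';').
ENTRY = re.compile(
    r"authentication failure;[^;]*?\brhost=(?P<rhost>\S*)"
    r"(?:\s+user=\S*)?\s*:\s*(?P<count>\d+)\s+Time\(s\)"
)

def tally_sources(report):
    """Return {rhost: failures}, summing repeated entries for one source."""
    totals = {}
    for m in ENTRY.finditer(report):
        src = m.group("rhost")
        totals[src] = totals.get(src, 0) + int(m.group("count"))
    return totals

def classify(src):
    """Label a source 'ip', 'hostname' or 'missing' (empty rhost field)."""
    if not src:
        return "missing"
    try:
        ipaddress.ip_address(src)
        return "ip"
    except ValueError:
        return "hostname"

def evidence_rows(report, report_date):
    """Rows of (date, source, kind, failures), busiest source first."""
    ordered = sorted(tally_sources(report).items(), key=lambda kv: (-kv[1], kv[0]))
    return [(report_date, src, classify(src), n) for src, n in ordered]

if __name__ == "__main__":
    for row in evidence_rows(SAMPLE, "2004-07-30"):
        print("\t".join(map(str, row)))
```

Entries logged as hostnames depend on name resolution at the time of the attempt, so keep the original log next to these rows rather than in place of it.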