MORE SSH Hacking: heads-up
Jamie Wilch
jamie at lvwn.com
Fri Jul 30 21:00:30 UTC 2004
Brian Fahrlander wrote:
> From last night's LogWatch:
> --------------------------------------------------------------------------
>
> sshd:
> Invalid Users:
> Unknown Account: 7 Time(s)
> Unknown Entries:
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=johnstongrain.com : 2 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=smms-mriley09d.chemistry.uq.edu.au : 2 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=211.117.191.70 : 1 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=216.97.110.1 : 1 Time(s)
> authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=ccia-062-204-197-193.uned.es : 1 Time(s)
>
> su:
> Sessions Opened:
> brian(uid=500) -> root: 1 Time(s)
>
> ------------------------------------------------------------------------
>
> Ok, guys- what do we do with this? Should we be writing down the
> addresses from which these attempts were made? They're probably all
> 'stooge' addresses, I know, but it might help authorities to know what
> other machines have been compromised...
>
> I'll go save the log somewhere...
>
> ------------------------------------------------------------------------
>
>
>
There's some good info about this at
http://lists.netsys.com/pipermail/full-disclosure/2004-July/024340.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040730/383732d8/attachment-0001.sig>
More information about the fedora-list
mailing list