MORE SSH Hacking: heads-up

Jamie Wilch jamie at lvwn.com
Fri Jul 30 21:00:30 UTC 2004



Brian Fahrlander wrote:
>     From last night's LogWatch:
> --------------------------------------------------------------------------
> 
> sshd:
>    Invalid Users:
>       Unknown Account: 7 Time(s)
>    Unknown Entries:
>       authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=johnstongrain.com  : 2 Time(s)
>       authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=smms-mriley09d.chemistry.uq.edu.au  : 2 Time(s)
>       authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.117.191.70  : 1 Time(s)
>       authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=216.97.110.1  : 1 Time(s)
>       authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=ccia-062-204-197-193.uned.es  : 1 Time(s)
> 
> su:
>    Sessions Opened:
>       brian(uid=500) -> root: 1 Time(s)
> 
> ------------------------------------------------------------------------
> 
>     Ok, guys- what do we do with this?  Should we be writing down the
> addresses from which these attempts were made? They're probably all
> 'stooge' addresses, I know, but it might help authorities to know what
> other machines have been compromised...
> 
>     I'll go save the log somewhere...
> 
> ------------------------------------------------------------------------
> 
> 
> 

There's some good info about this at

http://lists.netsys.com/pipermail/full-disclosure/2004-July/024340.html

