Attempted SSH Logins
James Harrison
jamesaharrisonuk at yahoo.co.uk
Wed Aug 4 21:00:38 UTC 2004
I've had a company trying to hack my home system from Paris.
They didn't manage to do anything, and in fact I found it quite a challenge.
I ran whois on the domain name and got their information.
I then got on to their website, found the webmaster email account and sent
them a very nasty rude email along with evidence of them attempting to access
my machine without permission.
Needless to say, I now don't have any problems from them.
James
--- Bob Smith <bob at netprt.com> wrote:
> If you do a dig -x, and then check some of the websites, you see that a
> lot of these are coming out of Korea and China. I've had the same
> attempts on my systems and got curious. Some were coming from the
> Chemistry department of one of the Universities in China.
>
> Also, one of the accounts being tried here is "guest" which is a common
> Microsoft account. Makes me wonder if they aren't looking to hack
> Windows systems.
>
> -Bob
>
> Jenkins, Jeremiah wrote:
>
> >There are some script kiddies out there running automated attacks. If you
> >look at your secure log /var/log/secure, you will see that they try for a
> >few times then move on. If you google on the error message you will find
> >numerous threads on the subject.
> >
> >-----Original Message-----
> >From: Nathaniel Hall [mailto:halln at otc.edu]
> >Sent: Tuesday, August 03, 2004 12:23 PM
> >To: redhat-list at redhat.com
> >Subject: Attempted SSH Logins
> >
> >
> >Hi all.
> >
> >
> >
> >I have been monitoring our logs over the past several weeks using logwatch
> >and have noticed several of these entries (known entries omitted):
> >
> >
> >
> >sshd:
> >
> > Invalid Users:
> >
> > Unknown Account: 5 Time(s)
> >
> > Authentication Failures:
> >
> > test (server.bes1.com ): 2 Time(s)
> >
> > root (server.bes1.com ): 3 Time(s)
> >
> > unknown (server.bes1.com ): 4 Time(s)
> >
> >
> >
> >The source addresses vary. I always see the same accounts from different
> >addresses with a different number of tries. When I see these, there is only
> >one source, never a mix of sources. The next day, it might be a different
> >source, but it is the only one.
> >
> >
> >
> >Is anybody else seeing this in their logs where I shouldn't be as worried or
> >is this directed at us?
> >
> >
> >
> >
> >
> >~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> >Nathaniel Hall
> >
> >Intrusion Detection and Firewall Technician
> >
> >Ozarks Technical Community College -- Office of Computer Networking
> >
> >
> >
> >halln at otc.edu
> >
> >417-799-0552
> >
> >
> >
> >
> >
>
>
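Added example, not part of the original thread or written by its participants: a Python sketch of the check discussed above, grouping failed sshd password attempts from /var/log/secure-style lines by day and source address and listing the sources that tried several account names. The log lines, addresses and function names are constructed for illustration, and the line format is an assumption about how sshd records failures.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of sshd entries in /var/log/secure
# (documentation-range addresses; not taken from the thread).
SAMPLE_LOG = """\
Aug  3 04:11:02 host sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug  3 04:11:05 host sshd[2103]: Failed password for illegal user test from 192.0.2.10 port 40120 ssh2
Aug  3 04:11:09 host sshd[2105]: Failed password for root from 192.0.2.10 port 40131 ssh2
Aug  3 04:11:15 host sshd[2109]: Failed password for illegal user guest from 192.0.2.10 port 40152 ssh2
Aug  3 09:30:44 host sshd[2450]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Aug  4 02:45:31 host sshd[3010]: Failed password for invalid user test from 203.0.113.5 port 33211 ssh2
Aug  4 02:45:35 host sshd[3012]: Failed password for root from 203.0.113.5 port 33220 ssh2
Aug  4 11:02:10 host sshd[3301]: Failed password for alice from 198.51.100.7 port 51234 ssh2
"""

# Assumed line format; sshd versions differ on "illegal user" vs "invalid user".
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def summarize(log_text):
    """Group failed sshd password attempts by (day, source address)."""
    summary = defaultdict(lambda: {"attempts": 0, "users": set(), "unknown": 0})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and non-sshd lines are ignored
        day = " ".join(m["day"].split())  # collapse syslog's padded day field
        entry = summary[(day, m["src"])]
        entry["attempts"] += 1
        entry["users"].add(m["user"])
        if m["unknown"]:
            entry["unknown"] += 1  # account name does not exist locally
    return dict(summary)

def automated_sweeps(summary, min_users=2):
    """Sources that tried several different account names in one day."""
    return sorted(k for k, e in summary.items() if len(e["users"]) >= min_users)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for day, src in automated_sweeps(report):
        e = report[(day, src)]
        print(f"{day} {src}: {e['attempts']} failures, "
              f"accounts tried: {', '.join(sorted(e['users']))}")
```

A single mistyped password by a real user (alice in the sample) shows up in the summary but is not listed as a sweep, because only one account name was tried from that address.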