Attempted SSH Logins

James Harrison jamesaharrisonuk at yahoo.co.uk
Wed Aug 4 21:00:38 UTC 2004


I've had a company trying to hack my home system from Paris.

They didn't manage to do anything, and in fact I found it quite a challenge.

I ran whois on the domain name and got their information.

I then got on to their website, found the webmaster email account and sent
them a very nasty rude email along with evidence of them attempting to access
my machine without permission.

Needless to say, I now don't have any problems from them.

James

--- Bob Smith <bob at netprt.com> wrote:

> If you do a dig -x, and then check some of the websites, you see that a 
> lot of these are coming out of Korea and China.  I've had the same 
> attempts on my systems and got curious.  Some were coming from the 
> Chemistry department of one of the Universities in China.
> 
> Also, one of the accounts being tried here is "guest" which is a common 
> Microsoft account.  Makes me wonder if they aren't looking to hack 
> Windows systems.
> 
> -Bob
> 
> Jenkins, Jeremiah wrote:
> 
> >There are some script kiddies out there running automated attacks.  If you
> >look at your secure log /var/log/secure, you will see that they try for a
> >few times then move on.  If you google on the error message you will find
> >numerous threads on the subject.
> >
> >-----Original Message-----
> >From: Nathaniel Hall [mailto:halln at otc.edu]
> >Sent: Tuesday, August 03, 2004 12:23 PM
> >To: redhat-list at redhat.com
> >Subject: Attempted SSH Logins
> >
> >
> >Hi all.
> >
> >I have been monitoring our logs over the past several weeks using logwatch
> >and have noticed several of these entries (known entries omitted):
> >
> >sshd:
> >   Invalid Users:
> >      Unknown Account: 5 Time(s)
> >   Authentication Failures:
> >      test (server.bes1.com ): 2 Time(s)
> >      root (server.bes1.com ): 3 Time(s)
> >      unknown (server.bes1.com ): 4 Time(s)
> >
> >The source addresses vary.  I always see the same accounts from different
> >addresses with a different number of tries.  When I see these, there is only
> >one source, never a mix of sources.  The next day, it might be a different
> >source, but it is the only one.
> >
> >Is anybody else seeing this in their logs where I shouldn't be as worried or
> >is this directed at us?
> >
> >~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Nathaniel Hall
> >Intrusion Detection and Firewall Technician
> >Ozarks Technical Community College -- Office of Computer Networking
> >
> >halln at otc.edu
> >417-799-0552
> >
> 
> 
> 
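
Added example, not part of the original thread: a way to check /var/log/secure for the pattern described in the quoted messages, where a single source per day fails against a fixed set of accounts such as test, root and guest. The log lines are constructed in the OpenSSH "Failed password" syslog style, and the names `summarize` and `sweeps` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the OpenSSH syslog style found in /var/log/secure.
# Hostname, PIDs and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Aug  3 04:12:01 host sshd[2101]: Failed password for invalid user test from 192.0.2.10 port 40112 ssh2
Aug  3 04:12:04 host sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40115 ssh2
Aug  3 04:12:07 host sshd[2105]: Failed password for root from 192.0.2.10 port 40119 ssh2
Aug  3 04:12:10 host sshd[2107]: Failed password for root from 192.0.2.10 port 40123 ssh2
Aug  3 04:12:13 host sshd[2109]: Failed password for illegal user guest from 192.0.2.10 port 40127 ssh2
Aug  3 09:30:44 host sshd[2290]: Failed password for alice from 198.51.100.7 port 51822 ssh2
Aug  3 09:30:52 host sshd[2290]: Accepted password for alice from 198.51.100.7 port 51822 ssh2
Aug  4 03:55:20 host sshd[3011]: Failed password for root from 203.0.113.5 port 33801 ssh2
Aug  4 03:55:23 host sshd[3013]: Failed password for invalid user test from 203.0.113.5 port 33805 ssh2
"""

# "illegal user" is the wording of older OpenSSH releases, "invalid user" of newer ones.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def summarize(log_text):
    """Return {day: {source: {"users": {user: failures}, "unknown": {users}}}}."""
    days = defaultdict(lambda: defaultdict(lambda: {"users": defaultdict(int), "unknown": set()}))
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and non-sshd lines are ignored
        day = " ".join(m["day"].split())  # "Aug  3" -> "Aug 3"
        entry = days[day][m["src"]]
        entry["users"][m["user"]] += 1
        if m["unknown"]:
            entry["unknown"].add(m["user"])  # account does not exist on this host
    return days

def sweeps(log_text, min_accounts=2):
    """Sources that failed against several distinct accounts within one day."""
    hits = []
    for day, sources in summarize(log_text).items():
        for src, e in sources.items():
            if len(e["users"]) >= min_accounts:
                hits.append((day, src, sorted(e["users"]), sorted(e["unknown"]), sum(e["users"].values())))
    return hits

if __name__ == "__main__":
    for day, src, users, unknown, total in sweeps(SAMPLE_LOG):
        print(f"{day}: {src} tried {users} (nonexistent: {unknown}), {total} failures")
```

A single mistyped password from a real user (alice in the sample) stays below the `min_accounts` threshold and is not reported.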