Hack attempts

ne... akabi at speakeasy.net
Sat Jul 24 15:56:48 UTC 2004


On Jul 24, 2004 at 06:48, Thomas Sapp in a soothing rage wrote:

>On Sat, 2004-07-24 at 06:28, Edwin Dicker wrote:
>> The last two days I got bugged by someone from Korea and someone from Japan.
>> This is what I find in my LogWatch:
>> --------------------- SSHD Begin ------------------------ 
>> 
>> 
>> Failed logins from these:
>>    guest/password from ::ffff:211.119.136.170: 1 Time(s)
>>    test/password from ::ffff:211.119.136.170: 1 Time(s)
>> 
>> Illegal users from these:
>>    guest/none from ::ffff:211.119.136.170: 1 Time(s)
>>    guest/password from ::ffff:211.119.136.170: 1 Time(s)
>>    test/none from ::ffff:211.119.136.170: 1 Time(s)
>>    test/password from ::ffff:211.119.136.170: 1 Time(s)
>> 
>> Is this a known hack attempt by some sort of program? Because for both
>> tries the same usernames were tried: guest and test
>> 
>> cheers
>> Edwin
>I have seen a lot of this lately too.  I've just started blocking each
>individual IP address as it comes up so they can't try again.
I've noticed these too. I do a
$IPT -A INPUT -s 192.168.52.0/24 -p tcp --syn --destination-port 22 -j ACCEPT
instead. This will only accept ssh packets for machines that are on my local
network. I have a duplicate rule for work machines that I connect 
from. All other traffic gets dropped. Telnet is not running on any of 
my machines.

N.Emile...
-- 
Registered Linux User # 125653 (http://counter.li.org)
Switch to: http://www.speakeasy.net/refer/190653
Love means nothing to a tennis player.
 11:52:01  up 26 days,  5:07,  4 users,  load average: 0.00, 0.00, 0.00
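
Added example (not part of the original thread): a small Python check that rebuilds a LogWatch-style summary of failed sshd logins from raw log lines and marks which sources fall outside the allowed network named in the iptables rule above. The log lines are constructed in the style sshd used at the time; the address 192.168.52.17, the user "alice" and the function names are assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter

# Allowed source network, taken from the iptables rule in the reply above.
ALLOWED = [ipaddress.ip_network("192.168.52.0/24")]

# Constructed sample lines (not from the thread), using IPv4-mapped addresses.
SAMPLE_LOG = """\
Jul 23 04:11:02 host sshd[2011]: Illegal user guest from ::ffff:211.119.136.170
Jul 23 04:11:04 host sshd[2011]: Failed password for illegal user guest from ::ffff:211.119.136.170 port 41022 ssh2
Jul 23 04:11:07 host sshd[2013]: Illegal user test from ::ffff:211.119.136.170
Jul 23 04:11:09 host sshd[2013]: Failed password for illegal user test from ::ffff:211.119.136.170 port 41030 ssh2
Jul 23 09:30:15 host sshd[2100]: Failed password for alice from ::ffff:192.168.52.17 port 50001 ssh2
Jul 23 09:30:21 host sshd[2100]: Accepted password for alice from ::ffff:192.168.52.17 port 50001 ssh2
"""

# Matches failures for both known and unknown ("illegal"/"invalid") users.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+) port \d+")

def normalize(addr):
    """Return an IPv4Address for IPv4-mapped input (::ffff:a.b.c.d), else the parsed address."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def summarize(log_text, allowed=ALLOWED):
    """Count failed password attempts per source and flag sources outside `allowed`."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        src = normalize(m.group(2))
        counts[src] += 1
        users.setdefault(src, set()).add(m.group(1))
    report = []
    for src, n in counts.most_common():
        inside = any(src.version == net.version and src in net for net in allowed)
        report.append({"source": str(src), "attempts": n,
                       "users": sorted(users[src]), "outside_allowlist": not inside})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```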




