New (for me): a distributed ssh attack. ... / 2008-08-06

Koos van den Hout

2008-08-06 New (for me): a distributed ssh attack. ...
New (for me): a distributed ssh attack. All different IPs trying to log in as root. Which I disable on systems, so it all won't work. From the logs: 
Jul 10 02:02:06 idefix sshd[36927]: Failed unknown for illegal user root from 198.105.8.56 port 35529 ssh2
Jul 10 02:21:34 idefix sshd[37295]: Failed unknown for illegal user root from 216.65.214.88 port 52682 ssh2
Jul 10 02:41:58 idefix sshd[37692]: Failed unknown for illegal user root from 67.59.90.96 port 47163 ssh2
Jul 10 03:02:18 idefix sshd[39260]: Failed unknown for illegal user root from 139.29.176.237 port 57930 ssh2
Jul 10 03:22:56 idefix sshd[39933]: Failed unknown for illegal user root from 75.53.25.73 port 48376 ssh2
Seems like a nice distributed attack to circumvent tools that check for repeated attempts from one IP or with a too high rate. But, I still get the logcheck e-mail to point at and laugh, distributed ssh root attempts log. Probably all open proxies or part of some botnet.
Tags: ,

IPv6 check

Running test...

Archive

Browse the recent archive:
February 2023
January 2023
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
News archive
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newsitem.cgi,v 1.58 2022/12/12 15:34:31 koos Exp $ in 0.007955 seconds.