New (for me): a distributed ssh attack. ... / 2008-08-06

Koos van den Hout

2008-08-06 New (for me): a distributed ssh attack. ... 11 years ago
New (for me): a distributed ssh attack. All different IPs trying to log in as root. Which I disable on systems, so it all won't work. From the logs: 
Jul 10 02:02:06 idefix sshd[36927]: Failed unknown for illegal user root from 198.105.8.56 port 35529 ssh2
Jul 10 02:21:34 idefix sshd[37295]: Failed unknown for illegal user root from 216.65.214.88 port 52682 ssh2
Jul 10 02:41:58 idefix sshd[37692]: Failed unknown for illegal user root from 67.59.90.96 port 47163 ssh2
Jul 10 03:02:18 idefix sshd[39260]: Failed unknown for illegal user root from 139.29.176.237 port 57930 ssh2
Jul 10 03:22:56 idefix sshd[39933]: Failed unknown for illegal user root from 75.53.25.73 port 48376 ssh2
Seems like a nice distributed attack to circumvent tools that check for repeated attempts from one IP or with a too high rate. But, I still get the logcheck e-mail to point at and laugh, distributed ssh root attempts log. Probably all open proxies or part of some botnet.
Tags: ,
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated in 0.004631 seconds.