New (for me): a distributed ssh attack. ... / 2008-08-06

2008-08-06 New (for me): a distributed ssh attack. ...
New (for me): a distributed ssh attack. All different IPs trying to log in as root. Which I disable on systems, so it all won't work. From the logs:
Jul 10 02:02:06 idefix sshd[36927]: Failed unknown for illegal user root from 198.105.8.56 port 35529 ssh2
Jul 10 02:21:34 idefix sshd[37295]: Failed unknown for illegal user root from 216.65.214.88 port 52682 ssh2
Jul 10 02:41:58 idefix sshd[37692]: Failed unknown for illegal user root from 67.59.90.96 port 47163 ssh2
Jul 10 03:02:18 idefix sshd[39260]: Failed unknown for illegal user root from 139.29.176.237 port 57930 ssh2
Jul 10 03:22:56 idefix sshd[39933]: Failed unknown for illegal user root from 75.53.25.73 port 48376 ssh2
Seems like a nice distributed attack to circumvent tools that check for repeated attempts from one IP or with a too high rate. But, I still get the logcheck e-mail to point at and laugh, distributed ssh root attempts log. Probably all open proxies or part of some botnet.

Tags: ,

IPv6 check

Running test...
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

RSS
Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: newsitem.cgi,v 1.55 2021/11/09 13:09:49 koos Exp $ in 0.005794 seconds.