LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] [stats]

  From: Tim Aslat <tim@spyderweb.com.au>
  To  : Linuxsa Mailing List <linuxsa@linuxsa.org.au>
  Date: Wed, 30 Apr 2003 10:17:51 +0930

suspicious behaviour

Hi All,

Did anyone else have a problem from this address last night?
It appears that someone spent over 15 minutes trying every common
username via ssh on one of my servers.
All attempts came from the same ip (66.96.222.130) which appears to be a
name server.

Cheers

Tim

<log snipped>
 Apr 29 17:46:27 redback sshd[66708]: error: Authentication failure
 Apr 29 17:46:27 redback sshd[66708]: error: Authentication failure
 Apr 29 17:46:28 redback sshd[66708]: error: Authentication failure
 Apr 29 17:46:28 redback sshd[66708]: Failed keyboard-interactive/pam
for test from 66.96.222.130 port 47744 ssh2 Apr 29 17:46:28 redback
sshd[66708]: Failed password for test from 66.96.222.130 port 47744 ssh2
Apr 29 17:46:40 redback sshd[66716]: Failed none for illegal user oracle
from 66.96.222.130 port 47767 ssh2 Apr 29 17:46:40 redback sshd[66716]:
Failed keyboard-interactive/pam for illegal user oracle from
66.96.222.130 port 47767 ssh2 Apr 29 17:46:41 redback sshd[66716]:
Failed keyboard-interactive/pam for illegal user oracle from
66.96.222.130 port 47767 ssh2
</snip>



-- 
Tim Aslat <tim@spyderweb.com.au>
Spyderweb Consulting
http://www.spyderweb.com.au
P: 82243020    M: 0401088479

-- 
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.freenode.net
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author] [stats]

Return to the LinuxSA Mailing List Information Page