Odd access activity

Net Llama! netllama
Mon Aug 23 07:53:39 PDT 2004


Its not just you.  I see the same exact attempts on several of my internet
facing boxes.  Looks like script kiddies hoping for easy access.

On Mon, 23 Aug 2004, Roger Oberholtzer wrote:

> I get the following in a server log quite often (more than once a day).
> All that changes is the IP address. What they are up to? Could it just
> be a probe? Trying a user called 'test', 'guest', 'admin' and 'user'?
> If anyone else has such users on an externally connected machine, make
> them secure for these users (at least). I am sure I am not the only
> target of such a probe. I am tempted top make such a user and see what
> they try. I wonder how I could see what password they are trying. Maybe
> they are not trying one. Just a blank one. The names look NTish, so I
> bet they are looking for unsecured Windows NT/2000/XP boxes. Anyone else
> see these?
>
> Aug 18 17:08:41 seaotter sshd[20626]: input_userauth_request: illegal
> user test
> Aug 18 17:08:41 seaotter sshd[20626]: Failed password for illegal user
> test from 210.223.178.180 port 44600 ssh2
> Aug 18 17:08:44 seaotter sshd[20627]: input_userauth_request: illegal
> user guest
> Aug 18 17:08:44 seaotter sshd[20627]: Failed password for illegal user
> guest from 210.223.178.180 port 44913 ssh2
> Aug 18 17:08:47 seaotter sshd[20628]: input_userauth_request: illegal
> user admin
> Aug 18 17:08:47 seaotter sshd[20628]: Failed password for illegal user
> admin from 210.223.178.180 port 45150 ssh2
> Aug 18 17:08:50 seaotter sshd[20629]: input_userauth_request: illegal
> user admin
> Aug 18 17:08:50 seaotter sshd[20629]: Failed password for illegal user
> admin from 210.223.178.180 port 45385 ssh2
> Aug 18 17:08:52 seaotter sshd[20630]: input_userauth_request: illegal
> user user
> Aug 18 17:08:52 seaotter sshd[20630]: Failed password for illegal user
> user from 210.223.178.180 port 45623 ssh2
>
>
> +????????????????????????????+???????????????????????????????+
> ? Roger Oberholtzer          ?   E-mail: roger at opq.se        ?
> ? OPQ Systems AB             ?      WWW: http://www.opq.se/  ?
> ? Nybrogatan 66 nb           ?    Phone: Int + 46 8   314223 ?
> ? 114 41 Stockholm           ?   Mobile: Int + 46 733 621657 ?
> ? Sweden                     ?      Fax: Int + 46 8   314223 ?
> +????????????????????????????+???????????????????????????????+
>
> _______________________________________________
> Linux-users mailing list
> Linux-users at linux-sxs.org
> http://mail.linux-sxs.org/cgi-bin/mailman/listinfo/linux-users
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lonni J Friedman                                netllama at linux-sxs.org
Linux Step-by-step & TyGeMo                  http://netllama.ipfox.com


More information about the Linux-users mailing list