ADMIN: email/lists
Ben Duncan
linux4ms at aim.com
Tue Dec 4 10:10:02 PST 2007
Here is a sample of what I am seeing:
Dec 1 03:25:59 server proftpd[25719]: warning: /etc/hosts.allow, line 49: host name/address mismatch: 211.137.239.68 != iem.ac.cn
Dec 1 03:25:59 server proftpd[25719]: refused connect from 211.137.239.68 (211.137.239.68)
Dec 1 03:26:08 server proftpd[25720]: warning: /etc/hosts.allow, line 49: host name/address mismatch: 211.137.239.68 != iem.ac.cn
Dec 1 03:26:08 server proftpd[25720]: refused connect from 211.137.239.68 (211.137.239.68)
Dec 1 09:06:21 server proftpd[25855]: warning: /etc/hosts.allow, line 49: can't verify hostname: getaddrinfo(77-240-125-170.redes.acens.net, AF_INET) failed
Makes me think they are EVEN trying to spoof IP addresses now.
Besides the CHINA domain, get a ton from the domain "wandoo.fr".
Bill Campbell wrote:
> What I have seen in the last week or so is a huge increase in the
> number of sshd and proftpd dictionary attacks, some of which are
> in the hundreds/second for hours at a time from the same IP.
>
> Bill
> --
<SNIP>
--
Ben Duncan - Business Network Solutions, Inc. 336 Elton Road Jackson MS, 39212
"Never attribute to malice, that which can be adequately explained by stupidity"
- Hanlon's Razor
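
Added example, not part of the original message or of any tool the thread mentions: a short Python triage of the tcp_wrappers messages quoted above. It pairs each "refused connect" line with the warning logged by the same PID, so refusals can be counted per source address and per reason. The sample lines are constructed (documentation addresses and hostnames), and the reason labels and function name are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed syslog lines in the format quoted in the post (RFC 5737 addresses).
SAMPLE_LOG = """\
Dec 1 03:25:59 server proftpd[25719]: warning: /etc/hosts.allow, line 49: host name/address mismatch: 192.0.2.68 != host.example.cn
Dec 1 03:25:59 server proftpd[25719]: refused connect from 192.0.2.68 (192.0.2.68)
Dec 1 03:26:08 server proftpd[25720]: warning: /etc/hosts.allow, line 49: host name/address mismatch: 192.0.2.68 != host.example.cn
Dec 1 03:26:08 server proftpd[25720]: refused connect from 192.0.2.68 (192.0.2.68)
Dec 1 09:06:21 server proftpd[25855]: warning: /etc/hosts.allow, line 49: can't verify hostname: getaddrinfo(pool-170.example.net, AF_INET) failed
Dec 1 09:06:21 server proftpd[25855]: refused connect from 198.51.100.170 (198.51.100.170)
Dec 1 09:07:02 server proftpd[25860]: refused connect from 203.0.113.9 (203.0.113.9)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<svc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
MISMATCH = re.compile(r"host name/address mismatch: (\S+) != (\S+)")
UNVERIFIED = re.compile(r"can't verify hostname: getaddrinfo\((\S+), AF_INET6?\) failed")
REFUSED = re.compile(r"refused connect from (\S+)")

def summarize(log_text):
    """Return {ip: {reason: refusals}}, pairing each refusal with the
    warning logged by the same service PID just before it."""
    pending = {}                      # (svc, pid) -> reason taken from the warning line
    per_ip = defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                  # not a syslog line in the expected layout
        key, msg = (m["svc"], m["pid"]), m["msg"]
        if MISMATCH.search(msg):
            pending[key] = "name_addr_mismatch"
        elif UNVERIFIED.search(msg):
            pending[key] = "hostname_unverifiable"
        elif (r := REFUSED.search(msg)):
            # No preceding warning: an ordinary hosts.allow/hosts.deny rule refused it.
            per_ip[r.group(1)][pending.pop(key, "rule_denied")] += 1
    return {ip: dict(counts) for ip, counts in per_ip.items()}

if __name__ == "__main__":
    for ip, reasons in summarize(SAMPLE_LOG).items():
        print(ip, reasons)
```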