[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1193053004.1843.13.camel@wintermute.lan.vlbg>
Date: Mon, 22 Oct 2007 13:36:44 +0200
From: Philipp <subs07@...g.dhs.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Distributed SSH username/password brute force
attack
Hello,
since this night I experience distributed SSH username/password
guessing brute force attacks. Anyone seen something similar?
Up until this night always one host tried to guess username/password
combinations until it got banned by fail2ban. But now I see in my
logfiles:
Oct 22 01:42:18 myhost sshd[2672]: error: PAM: Authentication failure
for illegal user root from xxxx.de
Oct 22 01:44:49 myhost sshd[2832]: error: PAM: Authentication failure
for illegal user root from xxxx.85
Oct 22 01:47:16 myhost sshd[2981]: error: PAM: Authentication failure
for illegal user root from xxxx.86
Oct 22 01:50:33 myhost sshd[3233]: error: PAM: Authentication failure
for illegal user root from xxxx.ar
Oct 22 01:52:38 myhost sshd[3307]: error: PAM: Authentication failure
for illegal user root from xxxx.be
Oct 22 01:55:34 myhost sshd[3551]: error: PAM: Authentication failure
for illegal user root from xxxx.106
Oct 22 01:58:04 myhost sshd[3691]: error: PAM: Authentication failure
for illegal user root from xxxx.11
Oct 22 02:00:44 myhost sshd[3999]: error: PAM: Authentication failure
for illegal user root from xxxx.cl
The time is CEST and the attacks are still ongoing.
kind regards,
Philipp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists