| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Oct 2007 13:36:44 +0200 From: Philipp <subs07@...g.dhs.org> To: full-disclosure@...ts.grok.org.uk Subject: Distributed SSH username/password brute force attack Hello, since this night I experience distributed SSH username/password guessing brute force attacks. Anyone seen something similar? Up until this night always one host tried to guess username/password combinations until it got banned by fail2ban. But now I see in my logfiles: Oct 22 01:42:18 myhost sshd[2672]: error: PAM: Authentication failure for illegal user root from xxxx.de Oct 22 01:44:49 myhost sshd[2832]: error: PAM: Authentication failure for illegal user root from xxxx.85 Oct 22 01:47:16 myhost sshd[2981]: error: PAM: Authentication failure for illegal user root from xxxx.86 Oct 22 01:50:33 myhost sshd[3233]: error: PAM: Authentication failure for illegal user root from xxxx.ar Oct 22 01:52:38 myhost sshd[3307]: error: PAM: Authentication failure for illegal user root from xxxx.be Oct 22 01:55:34 myhost sshd[3551]: error: PAM: Authentication failure for illegal user root from xxxx.106 Oct 22 01:58:04 myhost sshd[3691]: error: PAM: Authentication failure for illegal user root from xxxx.11 Oct 22 02:00:44 myhost sshd[3999]: error: PAM: Authentication failure for illegal user root from xxxx.cl The time is CEST and the attacks are still ongoing. kind regards, Philipp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists