Message-ID: <52B574BC.6090503@baribault.net>
Date: Sat, 21 Dec 2013 06:00:12 -0500
From: Gary Baribault <gary@...ibault.net>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Fwd: NS1 ssh bad attempts

Drunk typing or an attempt using a vuln? Anyone seen this? It's an
attempted login to SSH in a fully patched CentOS server.

I'm on the road for a few hours, any questions will be answered this aft.

Gary B


-------- Original Message --------
Subject:     NS1 ssh bad attempts
Date:     Sat, 21 Dec 2013 03:16:39 -0500
From:     root@...p.baribault.net (root)
To:     gary@...p.baribault.net



Dec 20 19:57:48 garybaribaultnet sshd[6084]: Invalid user
\0034\002error!\002\003 from 64.147.222.2
Dec 20 19:57:48 garybaribaultnet sshd[6085]: input_userauth_request:
invalid user \0034\002error!\002\003
Dec 20 19:57:51 garybaribaultnet sshd[6084]: Failed password for invalid
user \0034\002error!\002\003 from 64.147.222.2 port 50259 ssh2
Dec 20 03:42:01 garybaribaultnet sshd[25317]: refused connect from
216.87.173.50 (216.87.173.50)
Dec 20 05:35:17 garybaribaultnet sshd[26506]: refused connect from
198.13.101.247 (198.13.101.247)
Dec 20 13:19:41 garybaribaultnet sshd[32622]: refused connect from
222.186.57.230 (222.186.57.230)
Dec 20 13:42:01 garybaribaultnet sshd[540]: refused connect from
199.71.214.66 (199.71.214.66)
Dec 20 13:59:16 garybaribaultnet sshd[761]: refused connect from
222.186.15.121 (222.186.15.121)
Dec 20 16:00:28 garybaribaultnet sshd[2834]: refused connect from
202.119.236.121 (202.119.236.121)
Dec 20 16:58:45 garybaribaultnet sshd[3725]: refused connect from
222.189.239.75 (222.189.239.75)
Dec 20 20:43:21 garybaribaultnet sshd[6557]: refused connect from
61.142.106.34 (61.142.106.34)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists