Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Tech and Talk » OS and Software » All Things Unix » SSH scanning.
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Links: ·Forum FAQ ·Attitude Adjustment ·Linux docs ·DistroWatch ·OPLM ·FreeBSD Handbook
Linux Linux on the wall... »
« cleaning a deb system  
AuthorAll Replies


elboricua
El Subestimado
Premium
join:2001-08-12
Bronx, NY

1 edit		reply to elboricua
Re: SSH scanning.

Most of the IP's that have been scanning me are from Quebec and from the UK. In my case the usernames being tried are admin and user. With some root thrown in for good measure.

Some snippits from my logs.

Jul 19 14:42:02 Vulcan-Raven sshd[3959]: Illegal user admin from 213.86.59.248
Jul 19 14:42:02 Vulcan-Raven sshd[20578]: input_userauth_request: illegal user a
dmin
Jul 19 14:42:02 Vulcan-Raven sshd[20578]: Failed password for illegal user admin
 from 213.86.59.248 port 40497 ssh2
Jul 19 14:42:02 Vulcan-Raven sshd[20578]: Received disconnect from 213.86.59.248
: 11: Bye Bye
Jul 19 14:42:03 Vulcan-Raven sshd[6934]: Illegal user guest from 213.86.59.248
Jul 19 14:42:03 Vulcan-Raven sshd[30903]: input_userauth_request: illegal user g
uest
Jul 19 14:42:03 Vulcan-Raven sshd[30903]: Failed password for illegal user guest
 from 213.86.59.248 port 40525 ssh2
Jul 19 14:42:03 Vulcan-Raven sshd[30903]: Received disconnect from 213.86.59.248
: 11: Bye Bye
Jul 19 14:42:03 Vulcan-Raven sshd[32021]: Illegal user admin from 213.86.59.248
Jul 19 14:42:03 Vulcan-Raven sshd[9129]: input_userauth_request: illegal user ad
min
Jul 19 14:42:03 Vulcan-Raven sshd[9129]: Failed password for illegal user admin
from 213.86.59.248 port 40539 ssh2
Jul 19 14:42:04 Vulcan-Raven sshd[9129]: Received disconnect from 213.86.59.248:
 11: Bye Bye
Jul 19 14:42:04 Vulcan-Raven sshd[31823]: Illegal user admin from 213.86.59.248
Jul 19 14:42:04 Vulcan-Raven sshd[24870]: input_userauth_request: illegal user a
dmin

EDIT:

Added loginfo
to forum · permalink · · 2004-07-23 11:37:16 · (locked)


elboricua
El Subestimado
Premium
join:2001-08-12
Bronx, NY		reply to BeesTea
Thanks for the heads up. I just checked the logs on my firewall. Lots of "Illegal user test from" entries. More than usual. I normally get one or two a week. I have been getting 3 or 4 a day. Doing a whois on the IP's now.
to forum · permalink · · 2004-07-23 11:31:06 · (locked)
Thread is
Forums » Tech and Talk » OS and Software » All Things UnixLinux Linux on the wall... »
« cleaning a deb system  

Wednesday, 25-Nov 09:39:34 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [103] New AT&T Ad Campaign Hits Back At Verizon
· [87] Apple Joins AT&T Verizon Snark Fest
· [85] New Bill Takes Aim At Higher Verizon ETFs
· [41] In-Flight Internet Headed For Bumpy Landing?
· [32] Senators Want ACTA Made Public
· [30] Earthlink Suffers From Major E-mail Outage
· [30] AT&T Offers New Prepaid Wireless plans
· [28] Frontier Increases Modem Rental Fee
· [23] Despite Billions In USF Fees, U.S. Libraries Lack Bandwidth
· [17] Vivendi In Way Of Comcast's NBC Desires
Most people now reading
· Mysterious $800 Cash Deposit? [General Questions]
· Climate Change Scandal Erupts After Email Hack. [Security]
· [Rant] Damn Sermons through my speakers! [Rants, Raves, and Praise]
· Windows 7 boot manager editing questions [Microsoft Help]
· IPComms Free DIDs now with sip registration maybe?? [VOIP Tech Chat]
· What is the spell hit cap for a lvl 80 full arcane spec mage [World of Warcraft]
· Is Gear Score now the new requirement to get pug invite? [World of Warcraft]
· Samsung LCD TV No Picture but has Sound [Electronics]
· Came from FIOS to Comcast and.....I'm glad I did! [Comcast HSI]