Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Scriptkiddy?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
2manydjs
n00b
n00b


Joined: 01 Nov 2003
Posts: 30

PostPosted: Fri Oct 07, 2005 8:06 am    Post subject: Scriptkiddy? Reply with quote

Hi,
I was scanning through my log files, and I found a lot of sshd errors.
Code:
Oct  6 21:48:28 Gateway sshd[6946]: Invalid user iris from ::ffff:212.160.153.146
Oct  6 21:48:29 Gateway sshd[6948]: Invalid user bonnie from ::ffff:212.160.153.146 
Oct  6 21:48:30 Gateway sshd[6950]: Invalid user sparky from ::ffff:212.160.153.146
Oct  6 21:48:31 Gateway sshd[6952]: Invalid user clasic from ::ffff:212.160.153.146
Oct  6 21:48:32 Gateway sshd[6954]: Invalid user jamy from ::ffff:212.160.153.146
Oct  6 21:48:34 Gateway sshd[6956]: Invalid user david from ::ffff:212.160.153.146
Oct  6 21:48:35 Gateway sshd[6958]: Invalid user administrator from ::ffff:212.160.153.146
Oct  6 21:48:36 Gateway sshd[6960]: Invalid user info from ::ffff:212.160.153.146
Oct  6 21:48:37 Gateway sshd[6962]: Invalid user webmaster from ::ffff:212.160.153.146
Oct  6 21:48:38 Gateway sshd[6964]: Invalid user rebeca from ::ffff:212.160.153.146
Oct  6 21:48:54 Gateway sshd[6982]: Invalid user optic from ::ffff:212.160.153.146
Oct  6 21:48:55 Gateway sshd[6984]: Invalid user service from ::ffff:212.160.153.146
Oct  6 21:48:56 Gateway sshd[6986]: Invalid user admin from ::ffff:212.160.153.146
Oct  6 21:48:57 Gateway sshd[6988]: Invalid user danielle from ::ffff:212.160.153.146
Oct  6 21:48:58 Gateway sshd[6990]: Invalid user nexus from ::ffff:212.160.153.146
Oct  6 21:48:59 Gateway sshd[6992]: Invalid user arthur from ::ffff:212.160.153.146
Oct  6 21:49:00 Gateway sshd[6994]: Invalid user fred from ::ffff:212.160.153.146
Oct  6 21:49:01 Gateway sshd[6996]: Invalid user greg from ::ffff:212.160.153.146
Oct  6 21:49:02 Gateway sshd[6998]: Invalid user steve from ::ffff:212.160.153.146
Oct  6 21:49:03 Gateway sshd[7000]: Invalid user felix from ::ffff:212.160.153.146
Oct  6 21:49:04 Gateway sshd[7002]: Invalid user sandra from ::ffff:212.160.153.146
...
etc


When I scan it's ports, I get the following information.
Code:
Port Scan has started ...

Port Scanning host: 212.160.153.146

    Open TCP Port:    9      discard
    Open TCP Port:    13      daytime
    Open TCP Port:    22      ssh
    Open TCP Port:    25      smtp
    Open TCP Port:    37      time
    Open TCP Port:    53      domain
    Open TCP Port:    80      http
    Open TCP Port:    110      pop3
    Open TCP Port:    111      sunrpc
    Open TCP Port:    113      ident
    Open TCP Port:    443      https
    Open TCP Port:    694      ha-cluster
    Open TCP Port:    995      pop3s
    Open TCP Port:    1666   netview-aix-6

And maybe more, I'm still scanning..
From now on my sshd is only reachable from a small number of ip's, but what can I do against this kid/loser?

Thanks!
Back to top
View user's profile Send private message
kallamej
Administrator
Administrator


Joined: 27 Jun 2003
Posts: 4923
Location: Gothenburg, Sweden

PostPosted: Fri Oct 07, 2005 8:22 am    Post subject: Reply with quote

There are 16 pages in topic 210585 about these ssh breakin attempts. Please see and follow up to that thread.

Moved from Gentoo Chat to Duplicate Threads.
_________________
Please read our FAQ Forum, it answers many of your questions.
irc: #gentoo-forums on irc.freenode.net
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum