On Fri, Jun 25, 2010 at 03:30:52AM -0500, Stan Hoeppner wrote:
> It appears someone has cracked/pwn3d your Debian host.  That's an _outbound_
> SSH connection.  59.120.163.53 is HINET network space in Taiwan.
> 

There have been a lot of distributed ssh attacks on our network for the past
week or two.  Just for the sake of interest, do you find any
146.232.0.0/16 addresses (addresses starting with 146.232) in your logs?

The attacks seem to come from botnets and this situation looks like a
typical example of a compromised PC used for such purposes.

Regards
Johann

-- 
Johann Spies          Telefoon: 021-808 4599
Informasietegnologie, Universiteit van Stellenbosch

     "Honour thy father and mother; which is the first  
      commandment with promise; That it may be well with 
      thee, and thou mayest live long on the earth."        
                          Ephesians 6:2,3 
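
One way to answer the question in the message above, as an added example that is not part of the original post: count failed sshd logins whose source falls inside 146.232.0.0/16, using real CIDR membership rather than a substring match. The OpenSSH "Failed password" line format is assumed, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Network named in the message above.
WATCH_NET = ipaddress.ip_network("146.232.0.0/16")

# Assumed OpenSSH auth.log format. The greedy ".+" makes the regex bind to
# the LAST " from <ip> port N ssh2", so a username that itself contains
# " from 146.232.x.x" cannot spoof the source address.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.+ from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

# Constructed sample lines (not taken from any real host).
SAMPLE_LOG = """\
Jun 25 03:12:01 host sshd[4121]: Failed password for root from 146.232.10.7 port 40022 ssh2
Jun 25 03:12:04 host sshd[4123]: Failed password for invalid user admin from 146.232.10.7 port 40031 ssh2
Jun 25 03:12:09 host sshd[4130]: Failed password for root from 146.232.200.15 port 40044 ssh2
Jun 25 03:13:30 host sshd[4142]: Failed password for root from 192.0.2.44 port 51514 ssh2
Jun 25 03:14:02 host sshd[4150]: Accepted publickey for alice from 146.232.3.3 port 50000 ssh2
Jun 25 03:14:40 host sshd[4155]: Failed password for root from 10.146.232.9 port 40100 ssh2
Jun 25 03:15:11 host sshd[4160]: Failed password for invalid user x from 146.232.1.1 from 192.0.2.50 port 40200 ssh2
"""


def failed_sources(lines, network=WATCH_NET):
    """Count failed-login lines per source IP that lies inside `network`."""
    hits = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # the loose regex matched something like 999.1.1.1
        if ip in network:
            hits[str(ip)] += 1
    return hits


if __name__ == "__main__":
    for ip, n in failed_sources(SAMPLE_LOG.splitlines()).most_common():
        print(f"{ip}\t{n} failed logins")
```

On a real host, pass the lines of the sshd log file to `failed_sources` instead of `SAMPLE_LOG`.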

