Nothing special, change ssh port. ----- Original Message ----- From: "Philipp" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Monday, October 22, 2007 2:36 PM Subject: [Full-disclosure] Distributed SSH username/password brute forceattack
> Hello, > > since this night I experience distributed SSH username/password > guessing brute force attacks. Anyone seen something similar? > > Up until this night always one host tried to guess username/password > combinations until it got banned by fail2ban. But now I see in my > logfiles: > > Oct 22 01:42:18 myhost sshd[2672]: error: PAM: Authentication failure > for illegal user root from xxxx.de > Oct 22 01:44:49 myhost sshd[2832]: error: PAM: Authentication failure > for illegal user root from xxxx.85 > Oct 22 01:47:16 myhost sshd[2981]: error: PAM: Authentication failure > for illegal user root from xxxx.86 > Oct 22 01:50:33 myhost sshd[3233]: error: PAM: Authentication failure > for illegal user root from xxxx.ar > Oct 22 01:52:38 myhost sshd[3307]: error: PAM: Authentication failure > for illegal user root from xxxx.be > Oct 22 01:55:34 myhost sshd[3551]: error: PAM: Authentication failure > for illegal user root from xxxx.106 > Oct 22 01:58:04 myhost sshd[3691]: error: PAM: Authentication failure > for illegal user root from xxxx.11 > Oct 22 02:00:44 myhost sshd[3999]: error: PAM: Authentication failure > for illegal user root from xxxx.cl > > The time is CEST and the attacks are still ongoing. > > kind regards, > > Philipp > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
