Those attacks have been going on for years now. I created something on our core 
router a long time back that will detect successive new ssh connections and 
block the source IP for 30 minutes. Works very well. 

/Eje

-----Original Message-----
From: "Tom Sharples" <tsharp...@qorvus.com>

Date: Fri, 1 May 2009 18:22:22 
To: WISPA General List<wireless@wispa.org>
Subject: [WISPA] Crude dictionary attack via ssh


Spotted this a few minutes ago on one of our back-end servers. Didn't work, but 
worth noting.

Tom S.

May  2 01:05:12 QORVUS1 sshd[21728]: Illegal user lieu from 213.165.154.53
May  2 01:05:13 QORVUS1 sshd[21730]: Illegal user lilly from 213.165.154.53
May  2 01:05:15 QORVUS1 sshd[21739]: Illegal user linda from 213.165.154.53
May  2 01:05:17 QORVUS1 sshd[21751]: Illegal user ling from 213.165.154.53
May  2 01:05:18 QORVUS1 sshd[21754]: Illegal user lionel from 213.165.154.53
May  2 01:05:20 QORVUS1 sshd[21761]: Illegal user lis from 213.165.154.53
May  2 01:05:22 QORVUS1 sshd[21763]: Illegal user lisa from 213.165.154.53
May  2 01:05:22 QORVUS1 kernel: multicast
May  2 01:05:23 QORVUS1 sshd[21765]: Illegal user liv from 213.165.154.53
May  2 01:05:25 QORVUS1 sshd[21768]: Illegal user liz from 213.165.154.53
May  2 01:05:26 QORVUS1 sshd[21806]: Illegal user liza from 213.165.154.53
May  2 01:05:28 QORVUS1 sshd[21808]: Illegal user loan from 213.165.154.53
May  2 01:05:30 QORVUS1 sshd[21810]: Illegal user logan from 213.165.154.53
May  2 01:05:31 QORVUS1 sshd[21812]: Illegal user lois from 213.165.154.53
May  2 01:05:33 QORVUS1 sshd[21814]: Illegal user lok from 213.165.154.53
May  2 01:05:35 QORVUS1 sshd[21817]: Illegal user loki from 213.165.154.53
May  2 01:05:37 QORVUS1 sshd[21819]: Illegal user lola from 213.165.154.53
May  2 01:05:38 QORVUS1 sshd[21821]: Illegal user long from 213.165.154.53
May  2 01:05:40 QORVUS1 sshd[21823]: Illegal user lorena from 213.165.154.53
May  2 01:05:42 QORVUS1 sshd[21825]: Illegal user lorene from 213.165.154.53
May  2 01:05:43 QORVUS1 sshd[21827]: Illegal user lorenzo from 213.165.154.53
May  2 01:05:45 QORVUS1 sshd[21830]: Illegal user lorna from 213.165.154.53
May  2 01:05:46 QORVUS1 sshd[21868]: Illegal user lotus from 213.165.154.53
May  2 01:05:48 QORVUS1 sshd[21870]: Illegal user lou from 213.165.154.53
May  2 01:05:50 QORVUS1 sshd[21881]: Illegal user louis from 213.165.154.53
May  2 01:05:51 QORVUS1 sshd[21888]: Illegal user luca from 213.165.154.53
May  2 01:05:53 QORVUS1 sshd[21891]: Illegal user lucas from 213.165.154.53
May  2 01:05:55 QORVUS1 sshd[21906]: Illegal user lucian from 213.165.154.53
May  2 01:05:56 QORVUS1 sshd[21912]: Illegal user lucky from 213.165.154.53
May  2 01:05:58 QORVUS1 sshd[21917]: Illegal user lucy from 213.165.154.53
May  2 01:05:59 QORVUS1 sshd[21921]: Illegal user ludwig from 213.165.154.53
May  2 01:06:01 QORVUS1 sshd[21923]: Illegal user luigi from 213.165.154.53
May  2 01:06:03 QORVUS1 sshd[22065]: Illegal user luis from 213.165.154.53
May  2 01:06:04 QORVUS1 sshd[22069]: Illegal user luke from 213.165.154.53
May  2 01:06:06 QORVUS1 sshd[22089]: Illegal user luna from 213.165.154.53
May  2 01:06:07 QORVUS1 sshd[22110]: Illegal user lupe from 213.165.154.53
May  2 01:06:09 QORVUS1 sshd[22112]: Illegal user luther from 213.165.154.53
May  2 01:06:11 QORVUS1 sshd[22114]: Illegal user luz from 213.165.154.53
May  2 01:06:12 QORVUS1 sshd[22116]: Illegal user ly from 213.165.154.53
May  2 01:06:14 QORVUS1 sshd[22118]: Illegal user lyn from 213.165.154.53
May  2 01:06:15 QORVUS1 sshd[22121]: Illegal user lynda from 213.165.154.53
May  2 01:06:17 QORVUS1 sshd[22123]: Illegal user lynn from 213.165.154.53
May  2 01:06:19 QORVUS1 sshd[22125]: Illegal user lysa from 213.165.154.53
May  2 01:06:20 QORVUS1 sshd[22127]: Illegal user mac from 213.165.154.53
May  2 01:06:22 QORVUS1 kernel: multicast
May  2 01:06:22 QORVUS1 sshd[22129]: Illegal user macy from 213.165.154.53
May  2 01:06:24 QORVUS1 sshd[22131]: Illegal user mae from 213.165.154.53
May  2 01:06:25 QORVUS1 sshd[22134]: Illegal user pwla from 213.165.154.53
May  2 01:06:27 QORVUS1 sshd[22172]: Illegal user mama from 213.165.154.53
May  2 01:06:28 QORVUS1 sshd[22181]: Illegal user maeko from 213.165.154.53
May  2 01:06:30 QORVUS1 sshd[22190]: Illegal user magda from 213.165.154.53
May  2 01:06:32 QORVUS1 sshd[22192]: Illegal user maggie from 213.165.154.53
May  2 01:06:33 QORVUS1 sshd[22204]: Illegal user mai from 213.165.154.53
May  2 01:06:35 QORVUS1 sshd[22214]: Illegal user maia from 213.165.154.53
May  2 01:06:36 QORVUS1 sshd[22220]: Illegal user makoto from 213.165.154.53
May  2 01:06:38 QORVUS1 sshd[22223]: Illegal user mallory from 213.165.154.53
May  2 01:06:40 QORVUS1 sshd[22225]: Illegal user mandy from 213.165.154.53
May  2 01:06:41 QORVUS1 sshd[22227]: Illegal user marc from 213.165.154.53
May  2 01:06:43 QORVUS1 sshd[22229]: Illegal user marcel from 213.165.154.53
May  2 01:06:44 QORVUS1 sshd[22232]: Illegal user marco from 213.165.154.53
May  2 01:06:46 QORVUS1 sshd[22235]: Illegal user marcus from 213.165.154.53
May  2 01:06:48 QORVUS1 sshd[22272]: Illegal user margot from 213.165.154.53
May  2 01:06:49 QORVUS1 sshd[22274]: Illegal user mari from 213.165.154.53
May  2 01:06:51 QORVUS1 sshd[22276]: Illegal user maria from 213.165.154.53
May  2 01:06:53 QORVUS1 sshd[22278]: Illegal user mariah from 213.165.154.53
May  2 01:06:54 QORVUS1 sshd[22280]: Illegal user marie from 213.165.154.53
May  2 01:06:56 QORVUS1 sshd[22283]: Illegal user mariko from 213.165.154.53
May  2 01:06:57 QORVUS1 sshd[22285]: Illegal user marilyn from 213.165.154.53
May  2 01:06:59 QORVUS1 sshd[22287]: Illegal user marina from 213.165.154.53
May  2 01:07:01 QORVUS1 sshd[22289]: Illegal user mario from 213.165.154.53
May  2 01:07:02 QORVUS1 sshd[22317]: Illegal user marisa from 213.165.154.53
May  2 01:07:04 QORVUS1 sshd[22474]: Illegal user mark from 213.165.154.53
May  2 01:07:05 QORVUS1 sshd[22477]: Illegal user marka from 213.165.154.53
May  2 01:07:07 QORVUS1 sshd[22503]: Illegal user marta from 213.165.154.53
May  2 01:07:09 QORVUS1 sshd[22531]: Illegal user martin from 213.165.154.53
May  2 01:07:10 QORVUS1 sshd[22533]: Illegal user mary from 213.165.154.53
May  2 01:07:12 QORVUS1 sshd[22542]: Illegal user masako from 213.165.154.53
May  2 01:07:13 QORVUS1 sshd[22554]: Illegal user mason from 213.165.154.53
May  2 01:07:15 QORVUS1 sshd[22557]: Illegal user mateo from 213.165.154.53
May  2 01:07:17 QORVUS1 sshd[22564]: Illegal user matias from 213.165.154.53
May  2 01:07:18 QORVUS1 sshd[22566]: Illegal user matt from 213.165.154.53
May  2 01:07:20 QORVUS1 sshd[22568]: Illegal user matteo from 213.165.154.53
May  2 01:07:22 QORVUS1 sshd[22570]: Illegal user mauro from 213.165.154.53
May  2 01:07:22 QORVUS1 kernel: multicast
May  2 01:07:23 QORVUS1 sshd[22572]: Illegal user max from 213.165.154.53
May  2 01:07:25 QORVUS1 sshd[22575]: Illegal user maxim from 213.165.154.53
May  2 01:07:26 QORVUS1 sshd[22578]: Illegal user maxima from 213.165.154.53
May  2 01:07:28 QORVUS1 sshd[22615]: Illegal user maya from 213.165.154.53
May  2 01:07:30 QORVUS1 sshd[22617]: Illegal user meg from 213.165.154.53
May  2 01:07:31 QORVUS1 sshd[22619]: Illegal user megan from 213.165.154.53
May  2 01:07:33 QORVUS1 sshd[22621]: Illegal user megara from 213.165.154.53
May  2 01:07:34 QORVUS1 sshd[22624]: Illegal user mel from 213.165.154.53
May  2 01:07:36 QORVUS1 sshd[22626]: Illegal user melissa from 213.165.154.53
May  2 01:07:38 QORVUS1 sshd[22628]: Illegal user michael from 213.165.154.53
May  2 01:07:39 QORVUS1 sshd[22630]: Illegal user michel from 213.165.154.53
May  2 01:07:41 QORVUS1 sshd[22632]: Illegal user mick from 213.165.154.53
May  2 01:07:43 QORVUS1 sshd[22634]: Illegal user mickey from 213.165.154.53
May  2 01:07:45 QORVUS1 sshd[22637]: Illegal user mike from 213.165.154.53
May  2 01:07:46 QORVUS1 sshd[22649]: Illegal user mikel from 213.165.154.53
May  2 01:07:48 QORVUS1 sshd[22674]: Illegal user miki from 213.165.154.53
May  2 01:07:49 QORVUS1 sshd[22693]: Illegal user milo from 213.165.154.53
May  2 01:07:51 QORVUS1 sshd[22695]: Illegal user mindy from 213.165.154.53
May  2 01:07:53 QORVUS1 sshd[22706]: Illegal user missy from 213.165.154.53
May  2 01:07:54 QORVUS1 sshd[22716]: Illegal user mistico from 213.165.154.53
May  2 01:07:56 QORVUS1 sshd[22719]: Illegal user mo from 213.165.154.53
May  2 01:07:58 QORVUS1 sshd[22726]: Illegal user mona from 213.165.154.53
May  2 01:07:59 QORVUS1 sshd[22728]: Illegal user monet from 213.165.154.53
May  2 01:08:01 QORVUS1 sshd[22730]: Illegal user monica from 213.165.154.53
May  2 01:08:02 QORVUS1 sshd[22795]: Illegal user monique from 213.165.154.53
May  2 01:08:04 QORVUS1 sshd[22980]: Illegal user morse from 213.165.154.53
May  2 01:08:06 QORVUS1 sshd[22983]: Illegal user mort from 213.165.154.53
May  2 01:08:07 QORVUS1 sshd[22986]: Illegal user moss from 213.165.154.53
May  2 01:08:09 QORVUS1 sshd[23024]: Illegal user murphy from 213.165.154.53
May  2 01:08:10 QORVUS1 sshd[23026]: Illegal user nadia from 213.165.154.53
May  2 01:08:12 QORVUS1 sshd[23028]: Illegal user nadie from 213.165.154.53
May  2 01:08:14 QORVUS1 sshd[23030]: Illegal user nadine from 213.165.154.53
May  2 01:08:15 QORVUS1 sshd[23033]: Illegal user naif from 213.165.154.53
May  2 01:08:17 QORVUS1 sshd[23035]: Illegal user nan from 213.165.154.53
May  2 01:08:19 QORVUS1 sshd[23037]: Illegal user nancy from 213.165.154.53
May  2 01:08:20 QORVUS1 sshd[23039]: Illegal user nash from 213.165.154.53
May  2 01:08:22 QORVUS1 sshd[23041]: Illegal user nat from 213.165.154.53
May  2 01:08:22 QORVUS1 kernel: multicast
May  2 01:08:23 QORVUS1 sshd[23043]: Illegal user natalia from 213.165.154.53
May  2 01:08:25 QORVUS1 sshd[23046]: Illegal user natalie from 213.165.154.53
May  2 01:08:27 QORVUS1 sshd[23049]: Illegal user nathan from 213.165.154.53
May  2 01:08:28 QORVUS1 sshd[23064]: Illegal user nathalie from 213.165.154.53
May  2 01:08:30 QORVUS1 sshd[23102]: Illegal user natsu from 213.165.154.53
May  2 01:08:31 QORVUS1 sshd[23111]: Illegal user neil from 213.165.154.53
May  2 01:08:33 QORVUS1 sshd[23123]: Illegal user nelly from 213.165.154.53
May  2 01:08:35 QORVUS1 sshd[23126]: Illegal user nelson from 213.165.154.53
May  2 01:08:36 QORVUS1 sshd[23133]: Illegal user nen from 213.165.154.53
May  2 01:08:38 QORVUS1 sshd[23135]: Illegal user neo from 213.165.154.53
May  2 01:08:39 QORVUS1 sshd[23137]: Illegal user nero from 213.165.154.53
May  2 01:08:41 QORVUS1 sshd[23139]: Illegal user nestor from 213.165.154.53
May  2 01:08:43 QORVUS1 sshd[23141]: Illegal user nhi from 213.165.154.53
May  2 01:08:44 QORVUS1 sshd[23143]: Illegal user nhu from 213.165.154.53
May  2 01:08:46 QORVUS1 sshd[23147]: Illegal user nicholai from 213.165.154.53
May  2 01:08:47 QORVUS1 sshd[23149]: Illegal user nicholas from 213.165.154.53
May  2 01:08:49 QORVUS1 sshd[23173]: Illegal user nick from 213.165.154.53
May  2 01:08:51 QORVUS1 sshd[23188]: Illegal user nicki from 213.165.154.53
May  2 01:08:52 QORVUS1 sshd[23190]: Illegal user nico from 213.165.154.53
May  2 01:08:54 QORVUS1 sshd[23192]: Illegal user nicolas from 213.165.154.53
May  2 01:08:56 QORVUS1 sshd[23195]: Illegal user nikolas from 213.165.154.53
May  2 01:08:57 QORVUS1 sshd[23197]: Illegal user nicole from 213.165.154.53
May  2 01:08:59 QORVUS1 sshd[23199]: Illegal user nigel from 213.165.154.53
May  2 01:09:00 QORVUS1 sshd[23201]: Illegal user nike from 213.165.154.53
May  2 01:09:02 QORVUS1 sshd[23203]: Illegal user nikita from 213.165.154.53
May  2 01:09:04 QORVUS1 sshd[23337]: Illegal user nikkos from 213.165.154.53
May  2 01:09:05 QORVUS1 sshd[23340]: Illegal user nina from 213.165.154.53
May  2 01:09:07 QORVUS1 sshd[23353]: Illegal user noel from 213.165.154.53
May  2 01:09:08 QORVUS1 sshd[23359]: Illegal user nori from 213.165.154.53
May  2 01:09:10 QORVUS1 sshd[23401]: Illegal user norm from 213.165.154.53
May  2 01:09:12 QORVUS1 sshd[23414]: Illegal user norma from 213.165.154.53
May  2 01:09:13 QORVUS1 sshd[23417]: Illegal user norman from 213.165.154.53
May  2 01:09:15 QORVUS1 sshd[23425]: Illegal user norris from 213.165.154.53
May  2 01:09:17 QORVUS1 sshd[23427]: Illegal user norton from 213.165.154.53
May  2 01:09:18 QORVUS1 sshd[23429]: Illegal user nox from 213.165.154.53
May  2 01:09:20 QORVUS1 sshd[23431]: Illegal user nu from 213.165.154.53
May  2 01:09:21 QORVUS1 sshd[23433]: Illegal user nozomi from 213.165.154.53
May  2 01:09:22 QORVUS1 kernel: multicast
May  2 01:09:23 QORVUS1 sshd[23438]: Illegal user nyx from 213.165.154.53
May  2 01:09:25 QORVUS1 sshd[23441]: Illegal user oki from 213.165.154.53
May  2 01:09:26 QORVUS1 sshd[23444]: Illegal user ok from 213.165.154.53
May  2 01:09:28 QORVUS1 sshd[23446]: Illegal user oky from 213.165.154.53
May  2 01:09:29 QORVUS1 sshd[23448]: Illegal user oke from 213.165.154.53
May  2 01:09:31 QORVUS1 sshd[23485]: Illegal user olga from 213.165.154.53
May  2 01:09:33 QORVUS1 sshd[23487]: Illegal user oliver from 213.165.154.53
May  2 01:09:34 QORVUS1 sshd[23489]: Illegal user on from 213.165.154.53
May  2 01:09:36 QORVUS1 sshd[23492]: Illegal user oprah from 213.165.154.53
May  2 01:09:37 QORVUS1 sshd[23494]: Illegal user orion from 213.165.154.53
May  2 01:09:39 QORVUS1 sshd[23496]: Illegal user otto from 213.165.154.53
May  2 01:09:41 QORVUS1 sshd[23498]: Illegal user owen from 213.165.154.53
May  2 01:09:42 QORVUS1 sshd[23500]: Illegal user oz from 213.165.154.53
May  2 01:09:44 QORVUS1 sshd[23502]: Illegal user ozzy from 213.165.154.53
May  2 01:09:45 QORVUS1 sshd[23519]: Illegal user pablo from 213.165.154.53


--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------
 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
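
The detect-and-block idea from the reply above, applied to sshd log lines of the format posted rather than to new connections on a router; this is an added example, not code from either poster. Only the 30-minute block comes from the thread: the threshold of 5 attempts, the 60-second window, the function name and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd line format as it appears in the log above.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Illegal user \S+ from (\d{1,3}(?:\.\d{1,3}){3})$"
)

def find_blocks(lines, year=2009, threshold=5, window_s=60, block_min=30):
    """Return [(ip, blocked_at, blocked_until)] for sources that reach
    `threshold` failed logins within `window_s` seconds (assumed values)."""
    recent = defaultdict(deque)   # ip -> timestamps inside the window
    blocked_until = {}            # ip -> expiry of the current block
    blocks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # unrelated lines, e.g. "kernel: multicast"
        # syslog omits the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < blocked_until.get(ip, datetime.min):
            continue              # still blocked: nothing new to decide
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # expire attempts older than the window
        if len(q) >= threshold:
            until = ts + timedelta(minutes=block_min)
            blocked_until[ip] = until
            blocks.append((ip, ts, until))
            q.clear()
    return blocks

# Constructed sample lines (documentation addresses, made-up host and users).
SAMPLE = (
    [f"May  2 01:05:{12 + 2 * i:02d} HOST1 sshd[{100 + i}]: "
     f"Illegal user u{i} from 203.0.113.7" for i in range(6)]
    + ["May  2 01:05:22 HOST1 kernel: multicast",
       "May  2 01:06:00 HOST1 sshd[200]: Illegal user bob from 198.51.100.9",
       "May  2 01:20:00 HOST1 sshd[201]: Illegal user bob from 198.51.100.9"]
)

if __name__ == "__main__":
    for ip, at, until in find_blocks(SAMPLE):
        print(f"block {ip} at {at:%H:%M:%S} until {until:%H:%M:%S}")
```

The returned tuples are the decisions a firewall rule or cron job would act on; the slow source with two attempts 14 minutes apart is left alone.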

