[Intrusions] Bestonsearch.com
Esler, Joel - Contractor
joel.esler at rcert-s.army.mil
Mon Aug 30 14:46:06 GMT 2004
I've seen the NODEVssh action before. Usually this is a result of a
cron job running ssh as a client.
-----Original Message-----
From: intrusions-bounces at lists.sans.org
[mailto:intrusions-bounces at lists.sans.org] On Behalf Of Terje Trane
Sent: Monday, August 30, 2004 10:03 AM
To: 'Intrusions List (GCIA Practicals)'
Subject: [Intrusions] Bestonsearch.com
What is going on here?
Aug 30 10:40:42 webserver sshd(pam_unix)[22351]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=bestonsearch.com Aug 30
10:40:47 webserver sshd(pam_unix)[22353]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=bestonsearch.com
user=root Aug 30 10:40:51 webserver sshd(pam_unix)[22355]:
authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=bestonsearch.com user=root Aug 30 10:40:55 webserver
sshd(pam_unix)[22357]: authentication failure; logname= uid=0 euid=0
tty=NODEVssh ruser= rhost=bestonsearch.com user=root Aug 30 10:40:59
webserver sshd(pam_unix)[22359]: check pass; user unknown
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions
More information about the Intrusions
mailing list