[Intrusions] Re: FYI - SSH bruteforcing

Tom Glaab tglaab at clutter.com
Fri Dec 3 12:09:51 GMT 2004


Andrew Daviel wrote:

>Recently we had a brute-force attempt to guess SSH passwords from a
>machine in Taiwan 203.95.227.177 (www.shark-tw.net)
>
>The process identifies itself as SSH-2.0-libssh-0.1 and tries to guess
>passwords for the users root, admin, test and guest.
>

I'm seeing them several times a week. The list of "users" is growing 
too. This is yesterday's collection from one box (reported by LogWatch):

Illegal users from these:

   andrew/none from 66.36.241.244: 1 Time(s)
   andrew/password from 66.36.241.244: 1 Time(s)
   angel/none from 66.36.241.244: 1 Time(s)
   angel/password from 66.36.241.244: 1 Time(s)
   barbara/none from 66.36.241.244: 1 Time(s)
   barbara/password from 66.36.241.244: 1 Time(s)
   ben/none from 66.36.241.244: 1 Time(s)
   ben/password from 66.36.241.244: 1 Time(s)
   betty/none from 66.36.241.244: 1 Time(s)
   betty/password from 66.36.241.244: 1 Time(s)
   billy/none from 66.36.241.244: 1 Time(s)
   billy/password from 66.36.241.244: 1 Time(s)
   black/none from 66.36.241.244: 1 Time(s)
   black/password from 66.36.241.244: 1 Time(s)
   blue/none from 66.36.241.244: 1 Time(s)
   blue/password from 66.36.241.244: 1 Time(s)
   brandon/none from 66.36.241.244: 1 Time(s)
   brandon/password from 66.36.241.244: 1 Time(s)
   brian/none from 66.36.241.244: 1 Time(s)
   brian/password from 66.36.241.244: 1 Time(s)
   buddy/none from 66.36.241.244: 1 Time(s)
   buddy/password from 66.36.241.244: 1 Time(s)
   carmen/none from 66.36.241.244: 1 Time(s)
   carmen/password from 66.36.241.244: 1 Time(s)
   charlie/none from 66.36.241.244: 1 Time(s)
   charlie/password from 66.36.241.244: 1 Time(s)
   cosmin/none from 211.33.175.54: 1 Time(s)
   cosmin/password from 211.33.175.54: 1 Time(s)
   cyrus/none from 211.33.175.54: 1 Time(s)
   cyrus/password from 211.33.175.54: 1 Time(s)
   daniel/none from 66.36.241.244: 1 Time(s)
   daniel/password from 66.36.241.244: 1 Time(s)
   david/none from 66.36.241.244: 1 Time(s)
   david/password from 66.36.241.244: 1 Time(s)
   dog/none from 66.36.241.244: 1 Time(s)
   dog/password from 66.36.241.244: 1 Time(s)
   emily/none from 66.36.241.244: 1 Time(s)
   emily/password from 66.36.241.244: 1 Time(s)
   eric/none from 66.36.241.244: 1 Time(s)
   eric/password from 66.36.241.244: 1 Time(s)
   god/none from 66.36.241.244: 1 Time(s)
   god/password from 66.36.241.244: 1 Time(s)
   green/none from 66.36.241.244: 1 Time(s)
   green/password from 66.36.241.244: 1 Time(s)
   henry/none from 66.36.241.244: 1 Time(s)
   henry/password from 66.36.241.244: 1 Time(s)
   horde/none from 211.33.175.54: 1 Time(s)
   horde/password from 211.33.175.54: 1 Time(s)
   iceuser/none from 211.33.175.54: 1 Time(s)
   iceuser/password from 211.33.175.54: 1 Time(s)
   irc/none from 211.33.175.54: 2 Time(s)
   irc/password from 211.33.175.54: 2 Time(s)
   jane/none from 211.33.175.54: 1 Time(s)
   jane/none from 66.36.241.244: 1 Time(s)
   jane/password from 211.33.175.54: 1 Time(s)
   jane/password from 66.36.241.244: 1 Time(s)
   jason/none from 66.36.241.244: 1 Time(s)
   jason/password from 66.36.241.244: 1 Time(s)
   jeremy/none from 66.36.241.244: 1 Time(s)
   jeremy/password from 66.36.241.244: 1 Time(s)
   joe/none from 66.36.241.244: 1 Time(s)
   joe/password from 66.36.241.244: 1 Time(s)
   johnny/none from 66.36.241.244: 1 Time(s)
   johnny/password from 66.36.241.244: 1 Time(s)
   jordan/none from 66.36.241.244: 1 Time(s)
   jordan/password from 66.36.241.244: 1 Time(s)
   justin/none from 66.36.241.244: 1 Time(s)
   justin/password from 66.36.241.244: 1 Time(s)
   larisa/none from 66.36.241.244: 1 Time(s)
   larisa/password from 66.36.241.244: 1 Time(s)
   lion/none from 66.36.241.244: 1 Time(s)
   lion/password from 66.36.241.244: 1 Time(s)
   lucy/none from 66.36.241.244: 1 Time(s)
   lucy/password from 66.36.241.244: 1 Time(s)
   magic/none from 66.36.241.244: 1 Time(s)
   magic/password from 66.36.241.244: 1 Time(s)
   maria/none from 66.36.241.244: 1 Time(s)
   maria/password from 66.36.241.244: 1 Time(s)
   market/none from 66.36.241.244: 1 Time(s)
   market/password from 66.36.241.244: 1 Time(s)
   matt/none from 211.33.175.54: 1 Time(s)
   matt/password from 211.33.175.54: 1 Time(s)
   matthew/none from 66.36.241.244: 1 Time(s)
   matthew/password from 66.36.241.244: 1 Time(s)
   max/none from 66.36.241.244: 1 Time(s)
   max/password from 66.36.241.244: 1 Time(s)
   michael/none from 66.36.241.244: 1 Time(s)
   michael/password from 66.36.241.244: 1 Time(s)
   nathan/none from 66.36.241.244: 1 Time(s)
   nathan/password from 66.36.241.244: 1 Time(s)
   nicholas/none from 66.36.241.244: 1 Time(s)
   nicholas/password from 66.36.241.244: 1 Time(s)
   nicole/none from 66.36.241.244: 1 Time(s)
   nicole/password from 66.36.241.244: 1 Time(s)
   pamela/none from 211.33.175.54: 1 Time(s)
   pamela/password from 211.33.175.54: 1 Time(s)
   patrick/none from 211.33.175.54: 2 Time(s)
   patrick/password from 211.33.175.54: 2 Time(s)
   pub/none from 66.36.241.244: 1 Time(s)
   pub/password from 66.36.241.244: 1 Time(s)
   red/none from 66.36.241.244: 1 Time(s)
   red/password from 66.36.241.244: 1 Time(s)
   robin/none from 66.36.241.244: 1 Time(s)
   robin/password from 66.36.241.244: 1 Time(s)
   rolo/none from 211.33.175.54: 1 Time(s)
   rolo/password from 211.33.175.54: 1 Time(s)
   rose/none from 66.36.241.244: 1 Time(s)
   rose/password from 66.36.241.244: 1 Time(s)
   shell/none from 66.36.241.244: 1 Time(s)
   shell/password from 66.36.241.244: 1 Time(s)
   stephen/none from 66.36.241.244: 1 Time(s)
   stephen/password from 66.36.241.244: 1 Time(s)
   steven/none from 66.36.241.244: 1 Time(s)
   steven/password from 66.36.241.244: 1 Time(s)
   system/none from 66.36.241.244: 1 Time(s)
   system/password from 66.36.241.244: 1 Time(s)
   test/none from 211.33.175.54: 4 Time(s)
   test/password from 211.33.175.54: 4 Time(s)
   tom/none from 66.36.241.244: 1 Time(s)
   tom/password from 66.36.241.244: 1 Time(s)
   vampire/none from 66.36.241.244: 1 Time(s)
   vampire/password from 66.36.241.244: 1 Time(s)
   william/none from 66.36.241.244: 1 Time(s)
   william/password from 66.36.241.244: 1 Time(s)
   www-data/none from 211.33.175.54: 1 Time(s)
   www-data/password from 211.33.175.54: 1 Time(s)
   www/none from 211.33.175.54: 1 Time(s)
   www/password from 211.33.175.54: 1 Time(s)
   wwwrun/none from 211.33.175.54: 1 Time(s)
   wwwrun/password from 211.33.175.54: 1 Time(s)
   yellow/none from 66.36.241.244: 1 Time(s)
   yellow/password from 66.36.241.244: 1 Time(s)

tg.
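
Added example, not part of the original post: a small parser for the LogWatch "Illegal users" entry format shown above that groups guesses by source address, flags sources sweeping many usernames, and lists usernames tried from more than one source. The sample report, its addresses and the `min_users` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Entry format of the LogWatch "Illegal users from these:" section quoted above.
ENTRY = re.compile(
    r"^\s*(?P<user>\S+)/(?P<method>\w+) from (?P<src>[0-9A-Fa-f.:]+): "
    r"(?P<count>\d+) Time\(s\)\s*$"
)

# Constructed sample using documentation-range addresses, not data from the post.
SAMPLE = """\
Illegal users from these:

   admin/none from 192.0.2.10: 1 Time(s)
   admin/password from 192.0.2.10: 1 Time(s)
   guest/none from 192.0.2.10: 1 Time(s)
   guest/password from 192.0.2.10: 1 Time(s)
   test/none from 192.0.2.10: 1 Time(s)
   test/password from 192.0.2.10: 1 Time(s)
   test/none from 198.51.100.7: 4 Time(s)
   test/password from 198.51.100.7: 4 Time(s)
   www-data/none from 198.51.100.7: 1 Time(s)
   www-data/password from 198.51.100.7: 1 Time(s)
"""

def parse(report):
    """Yield (user, method, src, count) per well-formed entry; skip other lines."""
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m["user"], m["method"], m["src"], int(m["count"])

def summarize(report, min_users=3):
    """Return (sweeps, shared): sources that tried at least min_users distinct
    usernames (an assumed threshold), and usernames seen from several sources."""
    per_src = defaultdict(lambda: {"users": set(), "password_tries": 0})
    seen_by = defaultdict(set)
    for user, method, src, count in parse(report):
        per_src[src]["users"].add(user)
        seen_by[user].add(src)
        # Each user in the report has a "none" and a "password" entry;
        # only the "password" entries are counted as guesses here.
        if method == "password":
            per_src[src]["password_tries"] += count
    sweeps = {
        src: {"users": sorted(d["users"]), "password_tries": d["password_tries"]}
        for src, d in per_src.items() if len(d["users"]) >= min_users
    }
    shared = sorted(u for u, srcs in seen_by.items() if len(srcs) > 1)
    return sweeps, shared
```

A username that shows up from more than one source suggests the sources share a wordlist; a source with many distinct invalid usernames is a candidate for blocking or rate limiting.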




