[Intrusions] FW: unauthorised root ssh exploit attempts to our servers

kenneth gf brown ken at shadowplay.net
Wed Feb 2 18:53:54 GMT 2005



> -----Original Message-----
> From: shadowplay.net [mailto:shadowplay at shadowplay.net] 
> Sent: February 2, 2005 12:38
> To: 'abuse at rutgers.edu'; 'netmanager at tdmx.rutgers.edu'
> Cc: 'intrusions at incidents.org'
> Subject: unauthorised root ssh exploit attempts to our servers
> 
> 
> 
> there have been several attempts 
> to ssh to our servers as ROOT or admin
> from njlegallib.rutgers.edu
> 
> Failed logins from these:
>    admin/password from ::ffff:165.230.71.69: 2 Time(s)
>    guest/password from ::ffff:165.230.71.69: 1 Time(s)
>    root/password from ::ffff:165.230.71.69: 3 Time(s)
>    test/password from ::ffff:165.230.71.69: 2 Time(s)
>    user/password from ::ffff:165.230.71.69: 1 Time(s)
> 
> please note the exploit over time
> is this someone running a slow bruteforce ??? 
> 
> 
> kenneth gf brown 
> ceo shadowplay.net
> 
> 
> logs are GMT+6
> 
> Feb  1 20:17:27 focus sshd[31931]: Failed password for  test from ::ffff:165.230.71.69 port 46601 ssh2
> Feb  1 20:17:31 focus sshd[31933]: Failed password for  guest from ::ffff:165.230.71.69 port 46793 ssh2
> Feb  1 20:17:35 focus sshd[31935]: Failed password for admin from ::ffff:165.230.71.69 port 47012 ssh2
> Feb  1 20:17:38 focus sshd[31937]: Failed password for admin from ::ffff:165.230.71.69 port 47192 ssh2
> Feb  1 20:17:42 focus sshd[31939]: Failed password for  user from ::ffff:165.230.71.69 port 47274 ssh2
> Feb  1 20:17:45 focus sshd[31941]: Failed password for root from ::ffff:165.230.71.69 port 47308 ssh2
> Feb  1 20:17:49 focus sshd[31943]: Failed password for root from ::ffff:165.230.71.69 port 47337 ssh2
> Feb  1 20:17:53 focus sshd[31945]: Failed password for root from ::ffff:165.230.71.69 port 47349 ssh2
> Feb  1 20:17:56 focus sshd[31947]: Failed password for  test from ::ffff:165.230.71.69 port 47359 ssh2
> Feb  2 03:26:27 focus sshd[32021]: Failed password for  test from ::ffff:165.230.71.69 port 60984 ssh2
> Feb  2 03:26:30 focus sshd[32023]: Failed password for  guest from ::ffff:165.230.71.69 port 32956 ssh2
> Feb  2 03:26:34 focus sshd[32025]: Failed password for admin from ::ffff:165.230.71.69 port 33183 ssh2
> Feb  2 03:26:37 focus sshd[32027]: Failed password for admin from ::ffff:165.230.71.69 port 33339 ssh2
> Feb  2 03:26:41 focus sshd[32029]: Failed password for  user from ::ffff:165.230.71.69 port 33417 ssh2
> Feb  2 03:26:45 focus sshd[32031]: Failed password for root from ::ffff:165.230.71.69 port 33454 ssh2
> Feb  2 03:26:48 focus sshd[32033]: Failed password for root from ::ffff:165.230.71.69 port 33484 ssh2
> Feb  2 03:26:52 focus sshd[32035]: Failed password for root from ::ffff:165.230.71.69 port 33495 ssh2
> Feb  2 03:26:55 focus sshd[32037]: Failed password for  test from ::ffff:165.230.71.69 port 33506 ssh2
> Feb  2 03:43:36 focus sshd[32041]: Failed password for  test from ::ffff:165.230.71.69 port 36272 ssh2
> Feb  2 03:43:39 focus sshd[32043]: Failed password for  guest from ::ffff:165.230.71.69 port 36496 ssh2
> Feb  2 03:43:43 focus sshd[32045]: Failed password for admin from ::ffff:165.230.71.69 port 36705 ssh2
> Feb  2 03:43:46 focus sshd[32047]: Failed password for admin from ::ffff:165.230.71.69 port 36933 ssh2
> Feb  2 03:43:50 focus sshd[32049]: Failed password for  user from ::ffff:165.230.71.69 port 37096 ssh2
> Feb  2 03:43:54 focus sshd[32051]: Failed password for root from ::ffff:165.230.71.69 port 37212 ssh2
> Feb  2 03:43:57 focus sshd[32053]: Failed password for root from ::ffff:165.230.71.69 port 37278 ssh2
> Feb  2 03:44:01 focus sshd[32055]: Failed password for root from ::ffff:165.230.71.69 port 37318 ssh2
> Feb  2 03:44:04 focus sshd[32057]: Failed password for  test from ::ffff:165.230.71.69 port 37341 ssh2
> Feb  2 04:06:49 focus sshd[32560]: Failed password for  test from ::ffff:165.230.71.69 port 40289 ssh2
> Feb  2 04:06:53 focus sshd[32562]: Failed password for  guest from ::ffff:165.230.71.69 port 40488 ssh2
> Feb  2 04:06:56 focus sshd[32564]: Failed password for admin from ::ffff:165.230.71.69 port 40720 ssh2
> Feb  2 04:07:00 focus sshd[32566]: Failed password for admin from ::ffff:165.230.71.69 port 40939 ssh2
> Feb  2 04:07:03 focus sshd[32568]: Failed password for  user from ::ffff:165.230.71.69 port 41229 ssh2
> Feb  2 04:07:07 focus sshd[32570]: Failed password for root from ::ffff:165.230.71.69 port 41477 ssh2
> Feb  2 04:07:11 focus sshd[32572]: Failed password for root from ::ffff:165.230.71.69 port 41736 ssh2
> Feb  2 04:07:14 focus sshd[32574]: Failed password for root from ::ffff:165.230.71.69 port 41949 ssh2
> Feb  2 04:07:18 focus sshd[32576]: Failed password for  test from ::ffff:165.230.71.69 port 42170 ssh2
> 
> 
> 
> 
> ken at shadowplay.net                      http://www.shadowplay.net 
> Phone:  204.284.3481                      Toll Free: 866.590.0023
> Mobile: 204.470.9158 
> 
> FOR CLIENT SUPPORT PLEASE CALL 204.470.9021
> or email support at shadowplay.net
> 
> 
> 
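One way to check the "slow bruteforce" question raised in the report, added here as an example and not part of the original message: group each source's failed logins into bursts and test whether every burst replays the same username list. The sample lines are constructed in the report's sshd format with a documentation address; the 5-minute burst gap and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the report's sshd syslog format (not the poster's data).
SAMPLE = """\
Feb  1 20:17:27 host sshd[101]: Failed password for  test from ::ffff:192.0.2.10 port 46601 ssh2
Feb  1 20:17:31 host sshd[103]: Failed password for  guest from ::ffff:192.0.2.10 port 46793 ssh2
Feb  1 20:17:35 host sshd[105]: Failed password for root from ::ffff:192.0.2.10 port 47012 ssh2
Feb  2 03:26:27 host sshd[201]: Failed password for  test from ::ffff:192.0.2.10 port 60984 ssh2
Feb  2 03:26:30 host sshd[203]: Failed password for  guest from ::ffff:192.0.2.10 port 32956 ssh2
Feb  2 03:26:34 host sshd[205]: Failed password for root from ::ffff:192.0.2.10 port 33183 ssh2
Feb  2 03:43:36 host sshd[301]: Failed password for  test from ::ffff:192.0.2.10 port 36272 ssh2
Feb  2 03:43:39 host sshd[303]: Failed password for  guest from ::ffff:192.0.2.10 port 36496 ssh2
Feb  2 03:43:43 host sshd[305]: Failed password for root from ::ffff:192.0.2.10 port 36705 ssh2
"""

# Timestamp, then user and source; tolerates the padded user field and "illegal/invalid user".
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for\s+"
    r"(?:invalid user |illegal user )?(\S+) from (\S+) port \d+")

def parse(text, year=2005):
    """Yield (timestamp, user, source) per failed-password line; syslog omits the year."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def bursts(events, gap=timedelta(minutes=5)):
    """Group each source's attempts into bursts separated by more than `gap`."""
    out = {}
    for ts, user, src in sorted(events):
        runs = out.setdefault(src, [])
        if runs and ts - runs[-1][-1][0] <= gap:
            runs[-1].append((ts, user))
        else:
            runs.append([(ts, user)])
    return out

def summarize(text):
    """Per source: burst count, whether all bursts share one user list, gaps in minutes."""
    report = {}
    for src, runs in bursts(parse(text)).items():
        seqs = {tuple(u for _, u in r) for r in runs}
        gaps = [round((b[0][0] - a[-1][0]).total_seconds() / 60) for a, b in zip(runs, runs[1:])]
        report[src] = {"bursts": len(runs), "same_wordlist": len(seqs) == 1, "gaps_min": gaps}
    return report
```

A source that returns at irregular intervals with an identical username sequence each time points to an automated scanner replaying a fixed list, which is the pattern to key rate limiting or blocking on.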



