[ale] Hack of the month...
James P. Kinney III
jkinney at localnetsolutions.com
Wed Dec 14 09:00:31 EST 2005
This is a brute force attack on sshd. There are several versions of
openssh that have some login timing vulnerabilities. There are several
tools that monitor the logs and look for these break-in attempts and can
add drop rules to iptables.
On Wed, 2005-12-14 at 07:40 -0500, Christopher Fowler wrote:
> What is the attempt here and how are they attempting?
>
> Dec 14 02:58:10 209.168.246.231 authpriv.info sshd[194]: Invalid user
> testing from 68.120.97.218
> Dec 14 02:58:10 209.168.246.231 authpriv.err sshd[194]: error: Could not
> get shadow information for NOUSER
> Dec 14 02:58:10 209.168.246.231 authpriv.info sshd[194]: Failed password
> for invalid user testing from 68.120.97.218 port 59698 ssh2
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Ale
mailing list