Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Automated SSH login attempts?
From: Alain Crespo <gazpa () euskalnet net>
Date: Thu, 29 Jul 2004 01:45:28 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I also seen since July 22nd, bruteforce login attempts on ftpd (proftpd) from 
same ip ranges. And like you some attempts in sshd. The difference between 
them is that for sshd used users are same as yours, but for ftpd they used a 
usernames dictionary (with hundreds of users, what patience ;) ).
Anyone noticed some similar?



Jul 22 21:23:06 www0 proftpd[4447]: myhost (61.109.251.191[61.109.251.191]) - 
USER invaliduserinvalid: no such user found from 61.109.251.191 
[61.109.251.191] to 82.130.240.230:21
Jul 22 21:23:08 www0 proftpd[4448]: myhost (61.109.251.191[61.109.251.191]) - 
USER board: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:10 www0 proftpd[4449]: myhost (61.109.251.191[61.109.251.191]) - 
USER btraining: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:12 www0 proftpd[4451]: myhost (61.109.251.191[61.109.251.191]) - 
USER distros: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:14 www0 proftpd[4452]: myhost (61.109.251.191[61.109.251.191]) - 
USER forge4os: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:16 www0 proftpd[4453]: myhost (61.109.251.191[61.109.251.191]) - 
USER licentia: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:18 www0 proftpd[4454]: myhost (61.109.251.191[61.109.251.191]) - 
USER linuxnews: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:20 www0 proftpd[4455]: myhost (61.109.251.191[61.109.251.191]) - 
USER localgforge: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:22 www0 proftpd[4456]: myhost (61.109.251.191[61.109.251.191]) - 
USER metalist: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:25 www0 proftpd[4457]: myhost (61.109.251.191[61.109.251.191]) - 
USER myos: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:27 www0 proftpd[4458]: myhost (61.109.251.191[61.109.251.191]) - 
USER newsadmin: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:29 www0 proftpd[4459]: myhost (61.109.251.191[61.109.251.191]) - 
USER osgitestbed: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:31 www0 proftpd[4463]: myhost (61.109.251.191[61.109.251.191]) - 
USER ossnews: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:34 www0 proftpd[4464]: myhost (61.109.251.191[61.109.251.191]) - 
USER osync: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:36 www0 proftpd[4465]: myhost (61.109.251.191[61.109.251.191]) - 
USER peerrating: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:38 www0 proftpd[4466]: myhost (61.109.251.191[61.109.251.191]) - 
USER resolvit: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21
Jul 22 21:23:40 www0 proftpd[4467]: myhost (61.109.251.191[61.109.251.191]) - 
USER siteadmin: no such user found from 61.109.251.191 [61.109.251.191] to 
82.130.240.230:21


- -- 

un saludo,

Alain Crespo <gazpa () euskalnet net>

_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_

Why use Windows, since there is a door?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBCDqYP3/+R0rF2wkRAtW3AJ963dd6X7Nf17ZjRV/IDcb3DX4GfQCgjkD4
dbK+EryHfYKhIQDcaYMMiec=
=zLQW
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault