Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Security Incidents: SSH probes?

SSH probes?

From: Devdas Bhagat <devdas_at_dvb.homelinux.org>
Date: Sun, 9 May 2004 22:04:30 +0530

I got about 61 of these in my logs before I turned sshd off. This looks
like a brute force attempt at getting a login.

May 9 21:35:03 evita sshd(pam_unix)[16332]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20 user=ftp
May 9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown
May 9 21:35:10 evita sshd(pam_unix)[16374]: authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20
May 9 21:35:16 evita sshd(pam_unix)[16375]: check pass; user unknown

Anyone else seeing events like this?
The box is patched, up to date and still uncompromised. Timezone is
UTC +0530 and synchronised to ntp.

Devdas Bhagat

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Received on May 10 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]