On Aug 3, 2004, at 5:31 PM, Mike Burger wrote:
There've been a ton of sshd scans/attempts, all over, lately. There was
some mention of it on one of the other Red Hat lists.
Ditto there. I just sent a message today to one of my other user-lists asking about a possible SSH exploit. Is there some kind of new script kiddie script released recently or some kind of h4x0r contest going on? I've seen a different scan on all 3 of my boxes at least every other hour. It probably started occurring more than a week ago. Here's a snip from my logs.
Aug 3 06:31:41 www sshd[18216]: Illegal user test from 210.114.220.147
Aug 3 06:31:42 www sshd[18216]: Failed password for illegal user test from 210.114.220.147 port 49847 ssh2
Aug 3 06:31:44 www sshd[18219]: Illegal user guest from 210.114.220.147
Aug 3 06:31:45 www sshd[18219]: Failed password for illegal user guest from 210.114.220.147 port 49881 ssh2
Aug 3 06:32:12 www sshd[18223]: Illegal user test from 210.114.220.147
Aug 3 06:32:12 www sshd[18223]: Failed password for illegal user test from 210.114.220.147 port 50171 ssh2
Aug 3 06:32:14 www sshd[18225]: Illegal user guest from 210.114.220.147
Aug 3 06:32:15 www sshd[18225]: Failed password for illegal user guest from 210.114.220.147 port 50208 ssh2
Regards, Jay
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
