is this an intruder?

Here's what I'm seeing on /var/log/messages:

Jan  4 11:00:00 BANYAN wvdial[3573]: Carrier detected.  Chatmode finished.
Jan  4 11:00:00 BANYAN pppd[3563]: Serial connection established.
Jan  4 11:00:00 BANYAN pppd[3563]: Connect: ppp0 <--> /dev/ttyS1
Jan  4 11:00:05 BANYAN modprobe: modprobe: Can't locate module ppp-compress-21
Jan  4 11:00:05 BANYAN modprobe: modprobe: Can't locate module ppp-compress-21
Jan  4 11:00:05 BANYAN pppd[3563]: Remote IP address changed to 216.238.192.133
Jan  4 11:17:22 BANYAN sshd(pam_unix)[3624]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=ftp
Jan  4 11:17:36 BANYAN sshd(pam_unix)[3630]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=mail
Jan  4 11:18:12 BANYAN sshd(pam_unix)[3648]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=postgres
Jan  4 11:18:39 BANYAN sshd(pam_unix)[3662]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=xfs
Jan  4 11:18:45 BANYAN sshd(pam_unix)[3664]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=news
Jan  4 11:18:52 BANYAN sshd(pam_unix)[3666]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=lp
Jan  4 11:18:58 BANYAN sshd(pam_unix)[3668]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=rpc
Jan  4 11:19:04 BANYAN sshd(pam_unix)[3670]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=rpcuser
Jan  4 11:19:10 BANYAN sshd(pam_unix)[3672]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=uucp
Jan  4 11:19:52 BANYAN sshd(pam_unix)[3694]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=nscd
Jan  4 11:19:58 BANYAN sshd(pam_unix)[3696]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=mailnull
Jan  4 11:20:04 BANYAN sshd(pam_unix)[3698]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=smmsp
Jan  4 11:20:10 BANYAN sshd(pam_unix)[3700]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=pcap
Jan  4 11:20:23 BANYAN sshd(pam_unix)[3706]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=vcsa
Jan  4 11:20:29 BANYAN sshd(pam_unix)[3708]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=squid
Jan  4 11:21:55 BANYAN sshd(pam_unix)[3756]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=sshd
Jan  4 11:22:18 BANYAN sshd(pam_unix)[3768]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=desktop
Jan  4 11:25:44 BANYAN sshd(pam_unix)[3887]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=gdm
Jan  4 11:26:42 BANYAN sshd(pam_unix)[3919]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=rpm
Jan  4 11:27:39 BANYAN sshd(pam_unix)[3951]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=ntp
Jan  4 12:14:35 BANYAN sshd(pam_unix)[3452]: session closed for user marty


Here's the end of a traceroute for the rhost:

10  pos5-0.2488M.albnxg1.ip.tele.dk (83.88.26.5)  288.137 ms  288.986 ms  268.915 ms
11  pos6-0.2488M.albnxg7.ip.tele.dk (83.88.12.74)  267.786 ms  258.239 ms  259.015 ms
12  pos5-0.cop-p1.dk.sn.net (195.215.109.66)  248.001 ms  268.197 ms  258.937 ms
13  80.239.104.58 (80.239.104.58)  278.789 ms  268.428 ms  268.851 ms
14  212.20.204.21 (212.20.204.21)  268.051 ms  279.010 ms  278.904 ms
15  * * *


Not sure if I'm reading this right, as this is new to me, but it appears someone in Denmark spent about 10 minutes trying a variety of userids to start an ssh session on my network gateway.


Marty


Marty Landman, Face 2 Interface Inc. 845-679-9387
Webmaster's Bulletin Board: http://bbs.face2interface.com/
Web Installed Formmail: http://face2interface.com/formINSTal
--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list
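
One way to turn the pattern in the log above into a repeatable check, as an added example that is not part of the original post: it groups sshd pam_unix authentication failures by rhost and flags any host that tried several different accounts within a short window. The function name, the thresholds and the placeholder year are assumptions, and the 192.0.2.7 line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The pppd line and six failures are copied from the log in the post; the last
# line (192.0.2.7) is constructed: a single failed login that must not be flagged.
SAMPLE_LOG = """\
Jan  4 11:00:00 BANYAN pppd[3563]: Serial connection established.
Jan  4 11:17:22 BANYAN sshd(pam_unix)[3624]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=ftp
Jan  4 11:17:36 BANYAN sshd(pam_unix)[3630]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=mail
Jan  4 11:18:12 BANYAN sshd(pam_unix)[3648]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=postgres
Jan  4 11:18:39 BANYAN sshd(pam_unix)[3662]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=xfs
Jan  4 11:18:45 BANYAN sshd(pam_unix)[3664]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=news
Jan  4 11:27:39 BANYAN sshd(pam_unix)[3951]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=212.20.204.10 user=ntp
Jan  4 11:30:02 BANYAN sshd(pam_unix)[4001]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.7 user=marty
"""

FAILURE = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\(pam_unix\)\[\d+\]: "
    r"authentication failure;.*\brhost=(\S+)\s+user=(\S+)")

def find_account_sweeps(log_text, min_users=5, window=timedelta(minutes=15), year=2000):
    """Map rhost -> (distinct_users, first_seen, last_seen) for every remote host that
    failed sshd authentication as at least `min_users` different accounts in `window`.
    syslog lines carry no year, so `year` is an assumed placeholder."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if m:
            mon, day, clock, rhost, user = m.groups()
            ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
            events[rhost].append((ts, user))
    sweeps = {}
    for rhost, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            users = {u for _, u in evs[start:end + 1]}
            best = sweeps.get(rhost, (0, None, None))[0]
            if len(users) >= min_users and len(users) > best:
                sweeps[rhost] = (len(users), evs[start][0], evs[end][0])
    return sweeps

if __name__ == "__main__":
    for host, (n, first, last) in find_account_sweeps(SAMPLE_LOG).items():
        print(f"{host}: {n} accounts tried between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

Counting distinct account names per source, rather than raw failures, separates a sweep through system accounts from one user mistyping a password.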
