sequences in the auth.log - Nikolaj I. Potanin - org.freebsd.freebsd-security

12 messages in org.freebsd.freebsd-securitysequences in the auth.log

From	Sent On	Attachments
Sandor Berta	Aug 13, 2004 7:05 am
Dan Langille	Aug 13, 2004 7:14 am
Nikolaj I. Potanin	Aug 13, 2004 7:14 am
Mohacsi Janos	Aug 13, 2004 7:15 am
Jan Muenther	Aug 13, 2004 7:55 am
Craig Edwards	Aug 13, 2004 10:48 am
Peter C. Lai	Aug 13, 2004 11:52 am
Gregory Kuhn	Aug 13, 2004 12:35 pm
Justin	Aug 17, 2004 9:01 pm
Allen/Gore/SlackWareWolf	Aug 17, 2004 9:39 pm
Nikolay Pavlov	Aug 18, 2004 2:54 am
Devon H. O'Dell	Aug 18, 2004 2:56 am

Subject:	sequences in the auth.log
From:	Nikolaj I. Potanin (niko...@drweb.ru)
Date:	Aug 13, 2004 7:14:30 am
List:	org.freebsd.freebsd-security

Hello,

Someone is trying to pick-up a password for these accounts. Restrict your ssh service to your trusted networks only.

Hi all, I found similar sequences in the /var/auth.log files of freebsd boxes, I supervise.: Aug 13 13:56:08 www sshd[26091]: Illegal user test from 165.21.103.20 Aug 13 13:56:11 www sshd[26093]: Illegal user guest from 165.21.103.20 Aug 13 13:56:15 www sshd[26096]: Illegal user admin from 165.21.103.20 Aug 13 13:56:18 www sshd[26103]: Illegal user admin from 165.21.103.20 Aug 13 13:56:21 www sshd[26105]: Illegal user user from 165.21.103.20 Aug 13 13:56:25 www sshd[26107]: Failed password for root from 165.21.103.20 port 39678 ssh2 Aug 13 13:56:28 www sshd[26109]: Failed password for root from 165.21.103.20 port 39760 ssh2 Aug 13 13:56:32 www sshd[26111]: Failed password for root from 165.21.103.20 port 39836 ssh2 Aug 13 13:56:35 www sshd[26113]: Illegal user test from 165.21.103.20 Aug 13 14:25:36 www sshd[26485]: Illegal user test from 202.28.120.57 Aug 13 14:25:41 www sshd[26487]: Illegal user guest from 202.28.120.57

What are these?

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets