Haxorz this

Having an SSH server sitting out there means that nasty people are all over you ... bitches!

Go hack these IP addresses now!

Jan 14 03:23:50 X sshd[16135]: Illegal user test from 69.94.74.24
Jan 14 21:37:02 X sshd[17191]: Illegal user staff from 86.34.1.23
Jan 14 21:37:05 X sshd[17193]: Illegal user sales from 86.34.1.23
Jan 14 21:37:08 X sshd[17196]: Illegal user recruit from 86.34.1.23
Jan 14 21:37:12 X sshd[17198]: Illegal user alias from 86.34.1.23
Jan 14 21:37:15 X sshd[17200]: Illegal user office from 86.34.1.23
Jan 14 21:37:19 X sshd[17202]: Illegal user samba from 86.34.1.23
Jan 14 21:37:22 X sshd[17204]: Illegal user tomcat from 86.34.1.23
Jan 14 21:37:25 X sshd[17206]: Illegal user webadmin from 86.34.1.23
Jan 14 21:37:29 X sshd[17208]: Illegal user spam from 86.34.1.23
Jan 14 21:37:32 X sshd[17210]: Illegal user virus from 86.34.1.23
Jan 14 21:37:35 X sshd[17212]: Illegal user cyrus from 86.34.1.23
Jan 14 21:37:39 X sshd[17214]: Illegal user oracle from 86.34.1.23
Jan 14 21:37:42 X sshd[17216]: Illegal user michael from 86.34.1.23
Jan 14 21:37:50 X sshd[17220]: Illegal user test from 86.34.1.23
Jan 14 21:37:54 X sshd[17222]: Illegal user webmaster from 86.34.1.23
Jan 14 21:37:57 X sshd[17224]: Illegal user postmaster from 86.34.1.23
Jan 14 21:38:04 X sshd[17228]: Illegal user postgres from 86.34.1.23
Jan 14 21:38:08 X sshd[17230]: Illegal user paul from 86.34.1.23
Jan 14 21:38:14 X sshd[17234]: Illegal user guest from 86.34.1.23
Jan 14 21:38:18 X sshd[17236]: Illegal user admin from 86.34.1.23
Jan 14 21:38:21 X sshd[17238]: Illegal user linux from 86.34.1.23
Jan 14 21:38:24 X sshd[17240]: Illegal user user from 86.34.1.23
Jan 14 21:38:28 X sshd[17242]: Illegal user david from 86.34.1.23
Jan 14 21:38:31 X sshd[17244]: Illegal user web from 86.34.1.23
Jan 14 21:38:38 X sshd[17248]: Illegal user pgsql from 86.34.1.23
Jan 14 21:38:45 X sshd[17252]: Illegal user info from 86.34.1.23
Jan 14 21:38:48 X sshd[17254]: Illegal user tony from 86.34.1.23
Jan 14 21:38:52 X sshd[17256]: Illegal user core from 86.34.1.23
Jan 14 21:38:55 X sshd[17258]: Illegal user newsletter from 86.34.1.23
Jan 14 21:39:02 X sshd[17262]: Illegal user visitor from 86.34.1.23
Jan 14 21:39:05 X sshd[17264]: Illegal user ftpuser from 86.34.1.23
Jan 14 21:39:09 X sshd[17266]: Illegal user username from 86.34.1.23
Jan 14 21:39:12 X sshd[17268]: Illegal user administrator from 86.34.1.23
Jan 14 21:39:16 X sshd[17270]: Illegal user library from 86.34.1.23
Jan 14 21:39:19 X sshd[17272]: Illegal user test from 86.34.1.23
Jan 14 21:39:29 X sshd[17278]: Illegal user admin from 86.34.1.23
Jan 14 21:39:33 X sshd[17280]: Illegal user guest from 86.34.1.23
Jan 14 21:39:36 X sshd[17282]: Illegal user master from 86.34.1.23
Jan 14 21:39:57 X sshd[17294]: Illegal user admin from 86.34.1.23
Jan 14 21:40:00 X sshd[17296]: Illegal user admin from 86.34.1.23
Jan 14 21:40:04 X sshd[17298]: Illegal user admin from 86.34.1.23
Jan 14 21:40:07 X sshd[17300]: Illegal user admin from 86.34.1.23
Jan 14 21:40:17 X sshd[17306]: Illegal user test from 86.34.1.23
Jan 14 21:40:21 X sshd[17308]: Illegal user test from 86.34.1.23
Jan 14 21:40:24 X sshd[17310]: Illegal user webmaster from 86.34.1.23
Jan 14 21:40:28 X sshd[17312]: Illegal user username from 86.34.1.23
Jan 14 21:40:31 X sshd[17314]: Illegal user user from 86.34.1.23
Jan 14 21:40:38 X sshd[17318]: Illegal user admin from 86.34.1.23
Jan 14 21:40:41 X sshd[17320]: Illegal user test from 86.34.1.23
Jan 14 21:40:55 X sshd[17328]: Illegal user danny from 86.34.1.23
Jan 14 21:40:58 X sshd[17330]: Illegal user alex from 86.34.1.23
Jan 14 21:41:02 X sshd[17332]: Illegal user brett from 86.34.1.23
Jan 14 21:41:05 X sshd[17334]: Illegal user mike from 86.34.1.23
Jan 14 21:41:08 X sshd[17336]: Illegal user alan from 86.34.1.23
Jan 14 21:41:12 X sshd[17338]: Illegal user data from 86.34.1.23
Jan 14 21:41:16 X sshd[17340]: Illegal user www-data from 86.34.1.23
Jan 14 21:41:21 X sshd[17342]: Illegal user http from 86.34.1.23
Jan 14 21:41:26 X sshd[17344]: Illegal user httpd from 86.34.1.23
Jan 14 21:41:30 X sshd[17346]: Illegal user pop from 86.34.1.23
Jan 14 21:41:43 X sshd[17352]: Illegal user backup from 86.34.1.23
Jan 14 21:41:48 X sshd[17354]: Illegal user info from 86.34.1.23
Jan 14 21:41:53 X sshd[17356]: Illegal user shop from 86.34.1.23
Jan 14 21:41:57 X sshd[17358]: Illegal user sales from 86.34.1.23
Jan 14 21:42:01 X sshd[17360]: Illegal user web from 86.34.1.23
Jan 14 21:42:06 X sshd[17362]: Illegal user www from 86.34.1.23
Jan 14 21:42:10 X sshd[17364]: Illegal user wwwrun from 86.34.1.23
Jan 14 21:42:16 X sshd[17366]: Illegal user adam from 86.34.1.23
Jan 14 21:42:20 X sshd[17368]: Illegal user stephen from 86.34.1.23
Jan 14 21:42:25 X sshd[17370]: Illegal user richard from 86.34.1.23
Jan 14 21:42:29 X sshd[17372]: Illegal user george from 86.34.1.23
Jan 14 21:42:34 X sshd[17375]: Illegal user john from 86.34.1.23
Jan 14 21:42:43 X sshd[17379]: Illegal user angel from 86.34.1.23
Jan 14 21:42:53 X sshd[17383]: Illegal user pgsql from 86.34.1.23
Jan 14 21:43:09 X sshd[17389]: Illegal user ident from 86.34.1.23
Jan 14 21:43:13 X sshd[17391]: Illegal user webpop from 86.34.1.23
Jan 14 21:43:17 X sshd[17393]: Illegal user susan from 86.34.1.23
Jan 14 21:43:21 X sshd[17395]: Illegal user sunny from 86.34.1.23
Jan 14 21:43:25 X sshd[17397]: Illegal user stXn from 86.34.1.23
Jan 14 21:43:30 X sshd[17399]: Illegal user ssh from 86.34.1.23
Jan 14 21:43:34 X sshd[17401]: Illegal user search from 86.34.1.23
Jan 14 21:43:38 X sshd[17403]: Illegal user sara from 86.34.1.23
Jan 14 21:43:43 X sshd[17405]: Illegal user robert from 86.34.1.23
Jan 14 21:43:48 X sshd[17407]: Illegal user richard from 86.34.1.23
Jan 14 21:43:52 X sshd[17409]: Illegal user party from 86.34.1.23
Jan 14 21:43:56 X sshd[17411]: Illegal user amanda from 86.34.1.23
Jan 14 21:44:09 X sshd[17417]: Illegal user sgi from 86.34.1.23
Jan 14 21:44:19 X sshd[17421]: Illegal user users from 86.34.1.23
Jan 14 21:44:24 X sshd[17423]: Illegal user admins from 86.34.1.23
Jan 14 21:44:29 X sshd[17425]: Illegal user admins from 86.34.1.23
Jan 14 21:45:06 X sshd[17443]: Illegal user dean from 86.34.1.23
Jan 14 21:45:10 X sshd[17445]: Illegal user unknown from 86.34.1.23
Jan 14 21:45:15 X sshd[17447]: Illegal user securityagent from 86.34.1.23
Jan 14 21:45:19 X sshd[17449]: Illegal user tokend from 86.34.1.23
Jan 14 21:45:23 X sshd[17451]: Illegal user windowserver from 86.34.1.23
Jan 14 21:45:28 X sshd[17453]: Illegal user appowner from 86.34.1.23
Jan 14 21:45:32 X sshd[17455]: Illegal user xgridagent from 86.34.1.23
Jan 14 21:45:36 X sshd[17457]: Illegal user agent from 86.34.1.23
Jan 14 21:45:41 X sshd[17459]: Illegal user xgridcontroller from 86.34.1.23
Jan 14 21:45:45 X sshd[17461]: Illegal user jabber from 86.34.1.23
Jan 14 21:45:50 X sshd[17463]: Illegal user amavisd from 86.34.1.23
Jan 14 21:45:54 X sshd[17465]: Illegal user clamav from 86.34.1.23
Jan 14 21:45:58 X sshd[17467]: Illegal user appserver from 86.34.1.23
Jan 14 21:46:03 X sshd[17469]: Illegal user mailman from 86.34.1.23
Jan 14 21:46:07 X sshd[17471]: Illegal user cyrusimap from 86.34.1.23
Jan 14 21:46:11 X sshd[17473]: Illegal user qtss from 86.34.1.23
Jan 14 21:46:15 X sshd[17475]: Illegal user eppc from 86.34.1.23
Jan 14 21:46:19 X sshd[17477]: Illegal user telnetd from 86.34.1.23
Jan 14 21:46:23 X sshd[17479]: Illegal user identd from 86.34.1.23
Jan 14 21:46:27 X sshd[17481]: Illegal user gnats from 86.34.1.23
Jan 14 21:46:31 X sshd[17483]: Illegal user jeff from 86.34.1.23
Jan 14 21:46:35 X sshd[17485]: Illegal user irc from 86.34.1.23
Jan 14 21:46:39 X sshd[17487]: Illegal user list from 86.34.1.23
Jan 14 21:46:43 X sshd[17489]: Illegal user elX from 86.34.1.23
Jan 14 21:46:47 X sshd[17491]: Illegal user proxy from 86.34.1.23
Jan 14 21:46:51 X sshd[17493]: Illegal user sys from 86.34.1.23
Jan 14 21:46:56 X sshd[17495]: Illegal user zzz from 86.34.1.23
Jan 14 21:46:59 X sshd[17497]: Illegal user frank from 86.34.1.23
Jan 14 21:47:03 X sshd[17499]: Illegal user dan from 86.34.1.23
Jan 14 21:47:07 X sshd[17501]: Illegal user james from 86.34.1.23
Jan 14 21:47:11 X sshd[17503]: Illegal user snort from 86.34.1.23
Jan 14 21:47:15 X sshd[17505]: Illegal user radiomail from 86.34.1.23
Jan 14 21:47:19 X sshd[17507]: Illegal user harrypotter from 86.34.1.23
Jan 14 21:47:24 X sshd[17509]: Illegal user divine from 86.34.1.23
Jan 14 21:47:27 X sshd[17511]: Illegal user popa3d from 86.34.1.23
Jan 14 21:47:31 X sshd[17513]: Illegal user aptproxy from 86.34.1.23
Jan 14 21:47:35 X sshd[17515]: Illegal user desktop from 86.34.1.23
Jan 14 21:47:39 X sshd[17517]: Illegal user workshop from 86.34.1.23

Said it before and I'll say it again ... bitches

Haxorz this | 1 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Haxorz this

Authored by: jason on Sunday, January 15 2006 at 06:42 PM EST

Yep, I know what you mean, and share your anger. A little while ago, for the first time ever, I firewalled off inbound access to port 22, from only a few /8's and /16's, but unfortunately it still lets a good portion of Korea and China in (fucken APNIC).

My only conclusion, which seems to be shared around the net, is that the only defence to SSH dictionary attacks is reactive firewalling.

By this I mean, something like an intrusion detection package (like portsentry), where if there are say, more than 10 SYN connections from a remote host within 30 seconds, run an arbitrary command (like ipchains or ipfilter command) to firewall that IP off.

Or, in the case of what I'll probably do, run an arbitrary command like route and blackhole route them.

Sections

Poll

Older Stories

Thursday 24-Sep

Wednesday 15-Jul

Monday 06-Jul

Wednesday 24-Jun

Tuesday 23-Jun

Wednesday 06-May

Monday 04-May

Sunday 19-Apr