Possible hack attempt?

Sun, 04 Dec 2005 01:16:01 -0800

I just happened, for GP, to check my auth.log file on my firewall. I found a lengthy listing that appears to be a dictionary attack against me. Can someone tell me what I'm dealing with here?
My firewall is Debian GNU/Linux 2.6 SID, with a firehol generated iptables fireall, OpenVPN, and sshd. I'm connecting to the VPN from remote sites via Windows clients running OpenVPN and Putty. 

auth.log:
<snip>
Dec  4 00:49:53 foxy sshd[28704]: Illegal user amber from ::ffff:83.245.39.2

Dec  4 00:49:53 foxy sshd[28704]: error: Could not get shadow 
information for NOUSER
Dec  4 00:49:53 foxy sshd[28704]: Failed password for illegal user amber 
from ::ffff:83.245.39.2 port 48875 ssh2

Dec  4 00:49:54 foxy sshd[28706]: Illegal user amber from ::ffff:83.245.39.2

Dec  4 00:49:54 foxy sshd[28706]: error: Could not get shadow 
information for NOUSER
Dec  4 00:49:54 foxy sshd[28706]: Failed password for illegal user amber 
from ::ffff:83.245.39.2 port 48923 ssh2

Dec  4 00:49:56 foxy sshd[28708]: Illegal user amy from ::ffff:83.245.39.2

Dec  4 00:49:56 foxy sshd[28708]: error: Could not get shadow 
information for NOUSER
Dec  4 00:49:56 foxy sshd[28708]: Failed password for illegal user amy 
from ::ffff:83.245.39.2 port 48977 ssh2

Dec  4 00:49:57 foxy sshd[28710]: Illegal user amy from ::ffff:83.245.39.2

Dec  4 00:49:57 foxy sshd[28710]: error: Could not get shadow 
information for NOUSER
Dec  4 00:49:57 foxy sshd[28710]: Failed password for illegal user amy 
from ::ffff:83.245.39.2 port 49029 ssh2
Dec  4 00:49:59 foxy sshd[28713]: Illegal user anastacia from 
::ffff:83.245.39.2
Dec  4 00:49:59 foxy sshd[28713]: error: Could not get shadow 
information for NOUSER
Dec  4 00:49:59 foxy sshd[28713]: Failed password for illegal user 
anastacia from ::ffff:83.245.39.2 port 49086 ssh2
Dec  4 00:50:00 foxy sshd[28715]: Illegal user anastacia from 
::ffff:83.245.39.2
Dec  4 00:50:00 foxy sshd[28715]: error: Could not get shadow 
information for NOUSER
Dec  4 00:50:00 foxy sshd[28715]: Failed password for illegal user 
anastacia from ::ffff:83.245.39.2 port 49138 ssh2

<snip>

Daniel


--

To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
























					Reply via email to