[H-GEN] Blocking SSH exploits
Greg Black
gjb at gbch.net
Mon Aug 23 02:45:28 EDT 2004
On 2004-08-23, Greg Black wrote:
> On 2004-08-22, Sarah Walters wrote:
>
> > In the daily security report generated by our FreeBSD box, we've been
> > getting a lot of messages like the following lately:
> >
> > tempus.walters.id.au login failures:
> > Aug 21 09:07:25 tempus sshd[14677]: Failed password for root from
> > 219.238.239.178 port 39247 ssh2
>
> I've been seeing these regularly since 25 July.
I thought I should quantify this. On my home network, I've had
225 of these since 25 July. The usernames attempted have been
ROOT, admin, guest, test, user and the attempts have come from
the following IP addresses:
66.198.93.9
66.236.24.228
68.122.247.235
202.108.244.168
202.207.16.97
202.78.172.20
203.248.244.160
203.70.230.111
208.21.241.82
210.114.221.72
210.123.236.130
210.15.112.41
210.95.186.129
211.137.137.172
211.182.241.194
218.216.74.170
218.244.240.195
220.118.189.188
220.71.28.202
Cheers, Greg
More information about the General
mailing list