[H-GEN] Blocking SSH exploits

Greg Black gjb at gbch.net
Mon Aug 23 02:45:28 EDT 2004


On 2004-08-23, Greg Black wrote:
> On 2004-08-22, Sarah Walters wrote:
> 
> > In the daily security report generated by our FreeBSD box, we've been 
> > getting a lot of messages like the following lately:
> > 
> > tempus.walters.id.au login failures:
> > Aug 21 09:07:25 tempus sshd[14677]: Failed password for root from 
> > 219.238.239.178 port 39247 ssh2
> 
> I've been seeing these regularly since 25 July.

I thought I should quantify this.  On my home network, I've had
225 of these since 25 July.  The usernames attempted have been 
ROOT, admin, guest, test, user and the attempts have come from
the following IP addresses:

Cheers, Greg
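
A tally like the one in this message can be produced directly from sshd's "Failed password" syslog lines. The following is an added example, not part of the original post: the log lines are constructed, the addresses come from the RFC 5737 documentation ranges, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# sshd logs a nonexistent account as "invalid user NAME" ("illegal user NAME"
# in older OpenSSH releases). The username is attacker-controlled, so the
# pattern is anchored at the end of the line and the greedy user group makes
# the LAST " from ADDR port N" the one that is trusted as the source.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+(?: ssh\d?)?\s*$"
)

# Constructed sample input (not taken from the post).
SAMPLE_LOG = """\
Aug 21 09:07:25 host sshd[14677]: Failed password for root from 192.0.2.10 port 39247 ssh2
Aug 21 09:07:28 host sshd[14679]: Failed password for illegal user test from 192.0.2.10 port 39301 ssh2
Aug 21 09:07:31 host sshd[14681]: Failed password for illegal user guest from 192.0.2.10 port 39355 ssh2
Aug 22 03:12:02 host sshd[15102]: Failed password for root from 198.51.100.7 port 51012 ssh2
Aug 22 03:12:05 host sshd[15104]: Failed password for invalid user admin from 198.51.100.7 port 51040 ssh2
Aug 22 08:00:00 host sshd[15200]: Accepted publickey for alice from 203.0.113.5 port 40000 ssh2
Aug 22 09:00:00 host sshd[15300]: Failed password for illegal user a from 203.0.113.9 port 1 ssh2 from 198.51.100.7 port 51100 ssh2
"""


def summarize(lines):
    """Return (total, per-username Counter, per-source Counter) of failed password logins."""
    users, sources = Counter(), Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            users[m.group("user")] += 1
            sources[m.group("ip")] += 1
    return sum(sources.values()), users, sources


if __name__ == "__main__":
    total, users, sources = summarize(SAMPLE_LOG.splitlines())
    print(f"{total} failed password attempts")
    print("usernames:", ", ".join(sorted(users)))
    for ip, count in sources.most_common():
        print(f"  {ip:<16} {count}")
```

The last sample line has a username that itself contains " from 203.0.113.9 port 1 ssh2"; the end-anchored pattern still attributes it to the real source address.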



