[H-GEN] Re: Blocking SSH exploits

Troy Piggins troy at piggo.com
Tue Aug 24 23:50:53 EDT 2004


> From: Jay <johannes at paradise.net.nz>
> Subject: Re: [H-GEN] Blocking SSH exploits
>
> Same here since July 26 using names (root, user, test, admin, guest) and 
> originating from:
> 
> 61.109.156.5
> 61.151.243.61
> 61.166.6.60
> 63.243.17.136
> 65.120.161.253
> 68.122.247.235
> 148.228.20.67
> 160.80.34.9
> 163.23.103.193
> 163.26.85.193
> 195.228.156.19
> 202.102.242.180
> 202.207.16.97
> 203.146.102.54
> 203.234.222.231
> 203.248.244.160
> 210.223.178.180
> 210.95.186.129
> 211.214.133.140
> 218.216.74.170
> 221.166.173.22
> 
> Most attempts come in blocks of up to nine per ip within about 30 seconds, 
> which suggests some form of automation is being used.
> 
> Cheers
> 
> Johannes

How do you get this in this format?  Do you have scripts that filter
out the IPs, or did you just edit manually for this email?

I have the output from logwatch, but would appreciate a filter
script to keep a specific log.

-- 
T R O Y  P I G G I N S
e : troy at piggo.com




More information about the General mailing list