Freesco, NND, CDN, EOS :: Wyświetl temat - Proba ataku na router NND.

: [/] [] ()

...
...
Jul 19 10:09:46 r_nnd kernel: eth1: link down
Jul 19 10:09:48 r_nnd kernel: eth1: link up, 100Mbps, full-duplex, lpa 0x45E1
...
Jul 20 02:29:35 r_nnd sshd[28735]: Illegal user test from 66.250.111.33
Jul 20 02:29:36 r_nnd sshd[28737]: Illegal user guest from 66.250.111.33
Jul 20 02:29:38 r_nnd sshd[28739]: Illegal user admin from 66.250.111.33
Jul 20 02:29:40 r_nnd sshd[28741]: Illegal user admin from 66.250.111.33
Jul 20 02:29:42 r_nnd sshd[28743]: Illegal user user from 66.250.111.33
Jul 20 02:29:44 r_nnd sshd[28745]: Failed password for root from 66.250.111.33 port 40720 ssh2
Jul 20 02:29:45 r_nnd sshd[28747]: Failed password for root from 66.250.111.33 port 40779 ssh2
Jul 20 02:29:47 r_nnd sshd[28749]: Failed password for root from 66.250.111.33 port 40840 ssh2
Jul 20 02:29:49 r_nnd sshd[28751]: Illegal user test from 66.250.111.33
Jul 20 02:53:16 r_nnd -- MARK --
...
Jul 20 17:37:07 r_nnd sshd[18902]: Illegal user test from 131.234.157.10
Jul 20 17:37:08 r_nnd sshd[18904]: Illegal user guest from 131.234.157.10
Jul 20 17:37:08 r_nnd sshd[18906]: Illegal user admin from 131.234.157.10
Jul 20 17:37:09 r_nnd sshd[18908]: Illegal user admin from 131.234.157.10
Jul 20 17:37:09 r_nnd sshd[18910]: Illegal user user from 131.234.157.10
Jul 20 17:37:10 r_nnd sshd[18912]: Failed password for root from 131.234.157.10 port 50387 ssh2
Jul 20 17:37:10 r_nnd sshd[18914]: Failed password for root from 131.234.157.10 port 50412 ssh2
Jul 20 17:37:10 r_nnd sshd[18916]: Failed password for root from 131.234.157.10 port 50432 ssh2
Jul 20 17:37:11 r_nnd sshd[18918]: Illegal user test from 131.234.157.10
...

Autor:	Koriolan [ środa, 28 lipca 2004, 16:40 ]
Tytuł:	Proba ataku na router NND.
Mam w logach takie cos: : [/] [] () ... ... Jul 19 10:09:46 r_nnd kernel: eth1: link down Jul 19 10:09:48 r_nnd kernel: eth1: link up, 100Mbps, full-duplex, lpa 0x45E1 ... Jul 20 02:29:35 r_nnd sshd[28735]: Illegal user test from 66.250.111.33 Jul 20 02:29:36 r_nnd sshd[28737]: Illegal user guest from 66.250.111.33 Jul 20 02:29:38 r_nnd sshd[28739]: Illegal user admin from 66.250.111.33 Jul 20 02:29:40 r_nnd sshd[28741]: Illegal user admin from 66.250.111.33 Jul 20 02:29:42 r_nnd sshd[28743]: Illegal user user from 66.250.111.33 Jul 20 02:29:44 r_nnd sshd[28745]: Failed password for root from 66.250.111.33 port 40720 ssh2 Jul 20 02:29:45 r_nnd sshd[28747]: Failed password for root from 66.250.111.33 port 40779 ssh2 Jul 20 02:29:47 r_nnd sshd[28749]: Failed password for root from 66.250.111.33 port 40840 ssh2 Jul 20 02:29:49 r_nnd sshd[28751]: Illegal user test from 66.250.111.33 Jul 20 02:53:16 r_nnd -- MARK -- ... Jul 20 17:37:07 r_nnd sshd[18902]: Illegal user test from 131.234.157.10 Jul 20 17:37:08 r_nnd sshd[18904]: Illegal user guest from 131.234.157.10 Jul 20 17:37:08 r_nnd sshd[18906]: Illegal user admin from 131.234.157.10 Jul 20 17:37:09 r_nnd sshd[18908]: Illegal user admin from 131.234.157.10 Jul 20 17:37:09 r_nnd sshd[18910]: Illegal user user from 131.234.157.10 Jul 20 17:37:10 r_nnd sshd[18912]: Failed password for root from 131.234.157.10 port 50387 ssh2 Jul 20 17:37:10 r_nnd sshd[18914]: Failed password for root from 131.234.157.10 port 50412 ssh2 Jul 20 17:37:10 r_nnd sshd[18916]: Failed password for root from 131.234.157.10 port 50432 ssh2 Jul 20 17:37:11 r_nnd sshd[18918]: Illegal user test from 131.234.157.10 ... GeSHi © Codebox Plus Czyzby hakiery wymienialy sie skrypcikami wlamujacymi do linux'a ? Na szczesci w NND nie ma takich userow

Autor:	passy [ czwartek, 29 lipca 2004, 00:57 ]
Tytuł:
Nie ma usera root? To cos chyba nie tak jest u mnie, bo u mnie jest

Autor:	Koriolan [ czwartek, 29 lipca 2004, 16:00 ]
Tytuł:
Zle to odczytales ! Podane ZLE haslo (failed). Nie ma useera 'user', 'test' itp. Ciekawe tez jest to, ze taki sam atak z dwoch roznych IP

Autor:	Anonymous [ czwartek, 5 sierpnia 2004, 01:11 ]
Tytuł:
U mnie takich "atakow" jest wiecej, z roznych ip. Nie ma sie czego obawiac.

Autor:	Maciek [ piątek, 6 sierpnia 2004, 00:36 ]
Tytuł:
Jest to badziewna produkcja, która automatycznie skanuje hosty podstawiając spodziewanych userów - test, admin, ftp i tym podobnych, licząc też na standardowych adminów nie zmieniających (nie mających porządnych) haseł. Ostatecznie jeśli z jednego IP będzie tego masa, można dodać do hosts.deny.

Freesco, NND, CDN, EOS http://forum.freesco.pl/

Proba ataku na router NND. http://forum.freesco.pl/viewtopic.php?f=22&t=5037	Strona 1 z 1

Strona 1 z 1	Strefa czasowa UTC+2godz.
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/