i have the same problems this days.. well, months!!
Kai Pfeiffer
02/12/2004 13:10
Para
suse-security@suse.com
cc
Asunto
[suse-security] ssh-Attack?
Hello list,
in my logs I found the appended entries. My question is, what is the
intention
of this guy. I don't understand, why he uses a few loginnames many times
and
others only one time. There is no account on my box which matches to one
of
the tested loginnames.
Another thing. I get this userlist (exactly the same names in the same
order)
from many different IPs.
Any hints?
regards
Kai Pfeiffer
Dec 1 11:02:54 mybox sshd[14251]: Illegal user patrick from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:55 mybox sshd[14253]: Illegal user patrick from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:55 mybox sshd[14265]: Illegal user rolo from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:56 mybox sshd[14267]: Illegal user iceuser from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:56 mybox sshd[14269]: Illegal user horde from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:56 mybox sshd[14271]: Illegal user cyrus from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:56 mybox sshd[14273]: Illegal user www from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:56 mybox sshd[14277]: Illegal user matt from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:57 mybox sshd[14279]: Illegal user test from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:57 mybox sshd[14281]: Illegal user test from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:57 mybox sshd[14283]: Illegal user test from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:57 mybox sshd[14285]: Illegal user test from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:57 mybox sshd[14287]: Illegal user www-data from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:57 mybox sshd[14291]: Illegal user operator from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:57 mybox sshd[14293]: Illegal user adm from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:58 mybox sshd[14295]: Illegal user apache from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:58 mybox sshd[14297]: Illegal user irc from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:58 mybox sshd[14299]: Illegal user irc from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:58 mybox sshd[14301]: Illegal user adm from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:58 mybox sshd[14309]: Illegal user jane from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:58 mybox sshd[14311]: Illegal user pamela from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:02:59 mybox sshd[14323]: Illegal user cosmin from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:04 mybox sshd[14397]: Illegal user cip52 from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:04 mybox sshd[14399]: Illegal user cip51 from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:05 mybox sshd[14403]: Illegal user noc from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:05 mybox sshd[14413]: Illegal user webmaster from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:05 mybox sshd[14415]: Illegal user data from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14417]: Illegal user user from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14419]: Illegal user user from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14421]: Illegal user user from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14423]: Illegal user web from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14425]: Illegal user web from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14427]: Illegal user oracle from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14429]: Illegal user sybase from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:06 mybox sshd[14431]: Illegal user master from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:07 mybox sshd[14433]: Illegal user account from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:07 mybox sshd[14435]: Illegal user backup from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:07 mybox sshd[14437]: Illegal user server from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:07 mybox sshd[14439]: Illegal user adam from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:07 mybox sshd[14441]: Illegal user alan from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:07 mybox sshd[14443]: Illegal user frank from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:08 mybox sshd[14445]: Illegal user george from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:08 mybox sshd[14447]: Illegal user henry from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:08 mybox sshd[14449]: Illegal user john from
::ffff:xxx.xxx.xxx.xxx
Dec 1 11:03:09 mybox sshd[14461]: Illegal user test from
::ffff:xxx.xxx.xxx.xxx
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here