Gentoo Forums
Damn Attacks..
Simba7
l33t


Joined: 22 Jan 2007
Posts: 685
Location: Billings, MT, USA

Posted: Thu Nov 20, 2008 4:31 am    Post subject: Damn Attacks..

I sure don't know where this goes.. But..

I've been getting a sh*tload of these attacks. My message log is getting quite big because of these damn attacks.

Code:
Nov 20 01:45:19 scratchansniff sshd[6639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=sd-1125.dedibox.fr  user=root
Nov 20 01:45:20 scratchansniff sshd[6637]: error: PAM: Authentication failure for root from sd-1125.dedibox.fr
Nov 20 01:45:50 scratchansniff sshd[6640]: Address 66.228.16.8 maps to static-broadband-8.gorge.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 20 01:45:51 scratchansniff sshd[6642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.228.16.8  user=root
Nov 20 01:45:53 scratchansniff sshd[6640]: error: PAM: Authentication failure for root from 66.228.16.8
Nov 20 01:46:39 scratchansniff sshd[6706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.amp.com.co  user=root
Nov 20 01:46:41 scratchansniff sshd[6704]: error: PAM: Authentication failure for root from mail.amp.com.co
Nov 20 01:47:01 scratchansniff sshd[6707]: Address 70.91.173.153 maps to engle.town.morrison.co.us, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Nov 20 01:47:01 scratchansniff sshd[6709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.91.173.153  user=root
Nov 20 01:47:03 scratchansniff sshd[6707]: error: PAM: Authentication failure for root from 70.91.173.153
Nov 20 01:47:39 scratchansniff sshd[6773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-101.pl1211120-1.fiber.net  user=root
Nov 20 01:47:41 scratchansniff sshd[6771]: error: PAM: Authentication failure for root from host-101.pl1211120-1.fiber.net
Nov 20 01:48:14 scratchansniff sshd[6837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host211-90-static.62-88-b.business.telecomitalia.it  user=root
Nov 20 01:48:16 scratchansniff sshd[6833]: error: PAM: Authentication failure for root from host211-90-static.62-88-b.business.telecomitalia.it
Nov 20 01:48:46 scratchansniff sshd[6840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=customer-200-79-25-39.uninet.net.mx  user=root
Nov 20 01:48:47 scratchansniff sshd[6838]: error: PAM: Authentication failure for root from customer-200-79-25-39.uninet.net.mx
Nov 20 01:49:30 scratchansniff sshd[6920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=eigl.netbox.cz  user=root
Nov 20 01:49:32 scratchansniff sshd[6918]: error: PAM: Authentication failure for root from eigl.netbox.cz
Nov 20 01:49:56 scratchansniff sshd[6923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=24-181-23-242.static.gwnt.ga.charter.com  user=root

..also.. I've been getting name attacks (using the name dictionary) on my ports. Is anyone else getting nailed? Also:
Code:
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS
Nov 20 03:56:40 scratchansniff named[3126]: too many timeouts resolving '3.gentoo.pool.ntp.org/A' (in '.'?): disabling EDNS

_________________
Router(Nokia IP390,2GB RAM,8GB SSD,4xGE/4xFE ports,OpenBSD) | MyDT(Xeon X3470@3.45GHz,16GB RAM,2TB+2TB+3x1.5TB HDDs,GFGTX560Ti,LG BD-RE,Win10TP)
MyLT(Asus G53SX,32GB RAM,2x2TB HDDs,BD-RE,Intel 6230,Win7) | Wife(PnmIIX6@2.9GHz,8GB RAM,1TB HDD,DVDRW,Win7)
timeBandit
Bodhisattva


Joined: 31 Dec 2004
Posts: 2672
Location: here, there or in transit

Posted: Thu Nov 20, 2008 4:42 am

Discussions of this problem are almost as common as the problem. Please search before posting (fail2ban, denyhosts, "ssh brute force" all locate more examples).

Moved from Networking & Security to Duplicate Threads.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.
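
Added example (not part of either post, and not code from fail2ban or denyhosts): the sshd lines in the first post show each source failing once against root, so this sketch parses that log format and compares a per-source count with a count of distinct sources per targeted account. The function names, the 10-minute window, the three-source threshold and the year are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the post's sshd format (reserved .example names, RFC 5737 addresses).
SAMPLE = """\
Nov 20 01:45:19 host sshd[6639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=a.example  user=root
Nov 20 01:45:51 host sshd[6642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.8  user=root
Nov 20 01:46:39 host sshd[6706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=b.example  user=root
Nov 20 01:47:01 host sshd[6709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.153  user=root
Nov 20 01:47:03 host sshd[6707]: error: PAM: Authentication failure for root from 198.51.100.153
"""

# Match only the pam_unix line: each attempt also logs an "error: PAM" line,
# and counting both would double every failure.
FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: pam_unix\(sshd:auth\): "
    r"authentication failure;.*\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?")

def parse_failures(text, year=2008):
    """Return sorted (time, rhost, user) tuples; syslog omits the year, so it is assumed."""
    events = []
    for line in text.splitlines():
        m = FAIL.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["rhost"], m["user"] or "<none>"))
    return sorted(events)

def per_source(events):
    """Failures per source, the quantity a per-address threshold looks at."""
    return Counter(rhost for _, rhost, _ in events)

def distributed_targets(events, window=timedelta(minutes=10), min_sources=3):
    """Map account -> most distinct sources seen failing inside one sliding window."""
    by_user, flagged = {}, {}
    for ts, rhost, user in events:
        by_user.setdefault(user, []).append((ts, rhost))
    for user, hits in by_user.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            n = len({r for _, r in hits[start:end + 1]})
            if n >= min_sources:
                flagged[user] = max(flagged.get(user, 0), n)
    return flagged

if __name__ == "__main__":
    print(per_source(parse_failures(SAMPLE)), distributed_targets(parse_failures(SAMPLE)))
```

On the sample every source has a count of 1, so a per-address threshold above 1 never trips, while the per-account view reports root hit from four sources.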
All times are GMT