[ale] Backtracking to an IP
Nathan J. Underwood
ale1 at cybertechcafe.net
Wed Sep 8 09:07:46 EDT 2004
I suspect that I've been getting the same symptoms for about 6 weeks.
Failed login attempts on root, admin, nouser, guest, unknown, anonymous.
I see the attempts on several boxes (on different networks), and there
are generally quite a few in a very short time, and all using the same
MO. I definitely keep a close watch on local (and remote) logs, but
have written it off as some script kiddie spoofing IPs and using some
scripted tool (which would explain how they're hitting so many in such a
short period of time) for dictionary or brute force attacks.
--
registered linux user # 73046
Nathan J. Underwood
Cyber Tech Cafe' <><
http://www.cybertechcafe.net
John Mills wrote:
> ALERs -
>
> My box got a suspect series of ssh login attempts under common, but unused
> account names, all from the same IP address: 64.124.210.23
>
> How can I learn a bit more about the source?
>
> TIA.
>
> - John Mills
> john.m.mills at alum.mit.edu
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
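The pattern described in this thread (failed logins against several common account names from one address within a short time) can be pulled out of an sshd log as sketched below. This is an added example, not part of the original messages: the log lines are constructed, and the function name `find_bursts`, the 60-second window and the three-name threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (not from the original post); the
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Sep  8 03:11:02 box1 sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Sep  8 03:11:04 box1 sshd[4103]: Failed password for illegal user admin from 192.0.2.10 port 40120 ssh2
Sep  8 03:11:06 box1 sshd[4105]: Failed password for invalid user guest from 192.0.2.10 port 40131 ssh2
Sep  8 03:11:09 box1 sshd[4107]: Failed password for illegal user nouser from 192.0.2.10 port 40140 ssh2
Sep  8 07:45:30 box1 sshd[5200]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Sep  8 07:45:41 box1 sshd[5200]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
"""

# OpenSSH has logged unknown accounts as "illegal user" (older releases) and
# "invalid user" (newer ones); both are accepted, as is a plain failure.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bursts(log_text, year=2004, window=timedelta(seconds=60), min_users=3):
    """Return {ip: sorted usernames} for each source that failed logins
    against at least `min_users` distinct names inside one `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # distinct account names tried within `window` of this attempt
            users = {u for t, u in hits[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_bursts(SAMPLE_LOG).items():
        print(ip, "tried", ", ".join(users))
```

Running the same function over logs collected from several hosts shows whether one source is working through the same name list on each of them.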