
[ale] Backtracking to an IP



I suspect that I've been getting the same symptoms for about 6 weeks.
Failed login attempts on root, admin, nouser, guest, unknown, anonymous.
I see the attempts on several boxes (on different networks), and there
are generally quite a few in a very short time, and all using the same
MO. I definitely keep a close watch on local (and remote) logs, but
have written it off as some script kiddie spoofing IPs and using some
scripted tool (which would explain how they're hitting so many in such a
short period of time) for dictionary or brute force attacks.

--
registered linux user # 73046

Nathan J. Underwood
Cyber Tech Cafe' <><
http://www.cybertechcafe.net


John Mills wrote:
> ALERs -
> 
> My box got a suspect series of ssh login attempts under common, but unused
> account names, all from the same IP address: 64.124.210.23
> 
> How can I learn a bit more about the source?
> 
> TIA.
> 
>  - John Mills
>    john.m.mills at alum.mit.edu
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale