[nsp-sec] coordinated slow ssh crack attempts
Smith, Donald
Donald.Smith at qwest.com
Wed Sep 10 13:16:48 EDT 2008
Daniel Gerzo who has been fairly active in ssh bruteforce blocking has a list of ssh bruteforce attackers here:
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
Whois info here:
https://asn.cymru.com/nsp-sec/upload/1221065932.whois.txt
I checked several of the IP addresses that Mike submitted. The ones I checked were in this list too.
Those were also checked at http://isc.sans.org/ipdetails.html?ip=xxx.xxx.xxx.xxx and the ones I checked showed up there as being reported for ssh attacks.
So I didn't validate the ENTIRE list but did spot check against several sources with zero false positives so far.
I removed the Qwest IPs and will provide them to our abuse team for notification.
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Mike Tancsa
> Sent: Wednesday, September 10, 2008 8:28 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] coordinated slow ssh crack attempts
>
> ----------- nsp-security Confidential --------
>
> It seems the IP addresses below are part of some
> coordinated bruteforce ssh attack. The IPs below
> each try a user once or twice (example below IP
> list). It started at 0400 GMT today and is still continuing now.
>
>
> # grep Invalid /var/log/auth.log | grep from | awk '{print $10}' | sort | uniq | awk '{print "whois -h whois.cymru.com "$1}' | sh | grep -v ^AS | sort -n
>
> In the logs, we see something like this. Slow
> enough as to not trip over our firewall rate limiting on the box.
>
> Sep 10 08:44:15 vinyl4 sshd[26636]: error: PAM:
> authentication error for illegal user temporary from 121.33.199.37
> Sep 10 08:44:48 vinyl4 sshd[26640]: error: PAM:
> authentication error for illegal user christelle from 74.7.213.142
> Sep 10 08:45:25 vinyl4 sshd[26652]: error: PAM:
> authentication error for illegal user christelle from 88.34.230.218
> Sep 10 08:45:29 vinyl4 sshd[26658]: error: PAM:
> authentication error for illegal user christelle from 201.216.160.186
> Sep 10 08:46:06 vinyl4 sshd[26676]: error: PAM:
> authentication error for illegal user christelle from 189.43.21.244
> Sep 10 08:46:19 vinyl4 sshd[26680]: error: PAM:
> authentication error for illegal user christelle from 165.21.82.44
> Sep 10 08:46:42 vinyl4 sshd[26687]: error: PAM:
> authentication error for illegal user christelle from 62.72.110.203
> Sep 10 08:47:22 vinyl4 sshd[26693]: error: PAM:
> authentication error for illegal user christelle from 74.238.205.245
> Sep 10 08:47:39 vinyl4 sshd[26698]: error: PAM:
> authentication error for illegal user christelle from 218.201.39.216
> Sep 10 08:48:09 vinyl4 sshd[26711]: error: PAM:
> authentication error for illegal user christelle from 80.39.105.189
> Sep 10 08:48:15 vinyl4 sshd[26715]: error: PAM:
> authentication error for illegal user christelle from 210.245.52.85
> Sep 10 08:48:49 vinyl4 sshd[26727]: error: PAM:
> authentication error for illegal user christelle from 201.6.120.211
> Sep 10 08:49:32 vinyl4 sshd[26732]: error: PAM:
> authentication error for illegal user christelle from 190.5.195.98
> Sep 10 08:50:19 vinyl4 sshd[26742]: error: PAM:
> authentication error for illegal user christelle from 200.93.147.114
> Sep 10 08:50:55 vinyl4 sshd[26756]: error: PAM:
> authentication error for illegal user christelle from 190.210.29.149
> Sep 10 08:52:05 vinyl4 sshd[26769]: error: PAM:
> authentication error for illegal user christiane from 190.15.193.42
> Sep 10 08:52:14 vinyl4 sshd[26772]: error: PAM:
> authentication error for illegal user christiane from 194.108.136.72
> Sep 10 08:52:44 vinyl4 sshd[26778]: error: PAM:
> authentication error for illegal user christiane from 217.6.247.3
> Sep 10 08:52:59 vinyl4 sshd[26782]: error: PAM:
> authentication error for illegal user christiane from 83.151.14.162
> Sep 10 08:53:30 vinyl4 sshd[26791]: error: PAM:
> authentication error for illegal user christiane from 76.160.167.251
> Sep 10 08:54:12 vinyl4 sshd[26798]: error: PAM:
> authentication error for illegal user christiane from 80.154.6.99
> Sep 10 08:54:45 vinyl4 sshd[26802]: error: PAM:
> authentication error for illegal user christiane from 121.241.39.131
> Sep 10 08:54:51 vinyl4 sshd[26806]: error: PAM:
> authentication error for illegal user christiane from 210.124.36.46
> Sep 10 08:55:30 vinyl4 sshd[26825]: error: PAM:
> authentication error for illegal user christiane from 80.53.113.142
> Sep 10 08:55:41 vinyl4 sshd[26829]: error: PAM:
> authentication error for illegal user christiane from 87.139.4.1
> Sep 10 08:56:07 vinyl4 sshd[26839]: error: PAM:
> authentication error for illegal user christiane from 82.88.55.72
> Sep 10 08:56:18 vinyl4 sshd[26845]: error: PAM:
> authentication error for illegal user christiane from 84.92.176.223
> Sep 10 08:57:30 vinyl4 sshd[26863]: error: PAM:
> authentication error for illegal user christiane from 74.60.31.80
> Sep 10 08:58:03 vinyl4 sshd[26872]: error: PAM:
> authentication error for illegal user christine from 194.84.60.1
> Sep 10 08:58:15 vinyl4 sshd[26877]: error: PAM:
> authentication error for illegal user christine from 217.126.120.153
> Sep 10 08:58:58 vinyl4 sshd[26885]: error: PAM:
> authentication error for illegal user christine from 194.228.118.57
> Sep 10 08:59:20 vinyl4 sshd[26889]: error: PAM:
> authentication error for illegal user christine from 69.27.242.70
> Sep 10 08:59:38 vinyl4 sshd[26894]: error: PAM:
> authentication error for illegal user christine from 59.124.224.95
> Sep 10 09:00:12 vinyl4 sshd[26927]: error: PAM:
> authentication error for illegal user christine from 200.2.114.175
> Sep 10 09:00:17 vinyl4 sshd[26930]: error: PAM:
> authentication error for illegal user christine from 65.167.61.106
> Sep 10 09:00:48 vinyl4 sshd[26937]: error: PAM:
> authentication error for illegal user christine from 125.142.211.133
> Sep 10 09:00:53 vinyl4 sshd[26949]: error: PAM:
> authentication error for illegal user christine from 79.4.137.92
> Sep 10 09:01:25 vinyl4 sshd[26967]: error: PAM:
> authentication error for illegal user christine from 121.33.199.39
> Sep 10 09:01:28 vinyl4 sshd[26970]: error: PAM:
> authentication error for illegal user christine from 80.177.241.2
> Sep 10 09:02:06 vinyl4 sshd[26983]: error: PAM:
> authentication error for illegal user christine from 221.4.104.101
> Sep 10 09:02:15 vinyl4 sshd[26991]: error: PAM:
> authentication error for illegal user christine from 212.202.242.170
> Sep 10 09:02:43 vinyl4 sshd[26997]: error: PAM:
> authentication error for illegal user christine from 211.144.151.111
> Sep 10 09:03:37 vinyl4 sshd[27005]: error: PAM:
> authentication error for illegal user christine from 212.168.161.23
> Sep 10 09:03:39 vinyl4 sshd[27009]: error: PAM:
> authentication error for illegal user christine from 200.93.147.114
> Sep 10 09:04:13 vinyl4 sshd[27018]: error: PAM:
> authentication error for illegal user christine from 81.33.4.161
>
>
> --------------------------------------------------------------------
> Mike Tancsa, tel +1 519 651 3400
> Sentex Communications, mike at sentex.net
> Providing Internet since 1994 www.sentex.net
> Cambridge, Ontario Canada www.sentex.net/mike
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
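
Added example, not part of the original thread: a Python detector that groups failed logins by attempted username across source addresses inside a time window, the view that surfaces the pattern described above (many addresses, one or two attempts each) where a per-address rate limit sees nothing. The log lines, host name and documentation-range addresses are constructed, the 10-minute window and five-source threshold are assumptions to tune, and the parser also accepts the newer OpenSSH `Invalid user ... from ... port N` form.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the post (all values invented).
SAMPLE_LOG = """\
Sep 10 08:44:48 host1 sshd[101]: error: PAM: authentication error for illegal user alice from 192.0.2.10
Sep 10 08:45:25 host1 sshd[102]: error: PAM: authentication error for illegal user alice from 198.51.100.20
Sep 10 08:45:29 host1 sshd[103]: error: PAM: authentication error for illegal user alice from 203.0.113.30
Sep 10 08:46:06 host1 sshd[104]: error: PAM: authentication error for illegal user alice from 192.0.2.40
Sep 10 08:46:19 host1 sshd[105]: error: PAM: authentication error for illegal user alice from 198.51.100.50
Sep 10 08:46:30 host1 sshd[106]: Accepted publickey for ops from 192.0.2.99 port 4022 ssh2
Sep 10 08:47:01 host1 sshd[107]: error: PAM: authentication error for illegal user bob from 203.0.113.77
Sep 10 08:47:03 host1 sshd[108]: error: PAM: authentication error for illegal user bob from 203.0.113.77
Sep 10 09:30:00 host1 sshd[110]: error: PAM: authentication error for illegal user alice from 192.0.2.60
Sep 10 09:31:00 host1 sshd[111]: Invalid user x from 10.9.9.9 from 198.51.100.7 port 40022
"""

# The username is attacker-controlled and may contain spaces or " from ", so the
# address is anchored at the end of the line instead of taken by field position.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:.*?"
    r"(?:illegal|[Ii]nvalid) user (?P<user>.*) from (?P<ip>\S+?)(?: port \d+)?\s*$"
)

def parse_event(line, year):
    m = EVENT_RE.match(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m["ip"]))  # reject anything that is not an address
    except ValueError:
        return None
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], ip

def distributed_guessing(lines, window=timedelta(minutes=10), min_sources=5, year=2008):
    """Map username -> (distinct sources, most attempts by one source) in the busiest window."""
    by_user = defaultdict(list)
    for line in lines:
        event = parse_event(line, year)
        if event:
            by_user[event[1]].append((event[0], event[2]))
    findings = {}
    for user, events in by_user.items():
        events.sort()
        active, start, best = Counter(), 0, (0, 0)
        for ts, ip in events:
            active[ip] += 1
            while ts - events[start][0] > window:  # drop attempts older than the window
                old = events[start][1]
                active[old] -= 1
                if not active[old]:
                    del active[old]
                start += 1
            best = max(best, (len(active), max(active.values())))
        if best[0] >= min_sources:
            findings[user] = best
    return findings

def per_source_counts(lines, year=2008):
    """Attempts per address: the only view a per-IP rate limit has."""
    events = (parse_event(line, year) for line in lines)
    return Counter(e[2] for e in events if e)
```

On the constructed sample, `per_source_counts` never exceeds two attempts for any address, while `distributed_guessing` reports `alice` as tried from five addresses with one attempt each.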