[nsp-sec] coordinated slow ssh crack attempts
Sweeney, William- CIPS
Bill_Sweeney at cable.comcast.com
Thu Sep 11 10:00:13 EDT 2008
ACK Comcast
7725 / 33491 / 33657
-----Original Message-----
From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Stephen Gill
Sent: Wednesday, September 10, 2008 5:02 PM
To: Smith, Donald; Mike Tancsa; nsp-security at puck.nether.net
Subject: Re: [nsp-sec] coordinated slow ssh crack attempts
----------- nsp-security Confidential --------
Any chance we could get an intro? AFAIK we don't process that list
currently. I guess theoretically we could use it regardless, but a daily
diff would be slightly easier to manage.
-- steve
On 9/10/08 10:16 AM, "Smith, Donald" <Donald.Smith at qwest.com> wrote:
> ----------- nsp-security Confidential --------
>
> Daniel Gerzo who has been fairly active in ssh bruteforce blocking has a list
> of ssh bruteforce attackers here:
> http://danger.rulez.sk/projects/bruteforceblocker/blist.php
>
> Whois info here:
> https://asn.cymru.com/nsp-sec/upload/1221065932.whois.txt
>
> I checked several of the IP addresses that Mike submitted. The ones I checked
> were in this list too.
> Those were also checked at
> http://isc.sans.org/ipdetails.html?ip=xxx.xxx.xxx.xxx and the ones I checked
> showed up there as being reported for ssh attacks.
>
> So I didn't validate the ENTIRE list but did spot check against several
> sources with zero false positives so far.
>
> I removed the qwest ips and will provide them to our abuse team for
> notification.
>
> Security through obscurity WORKS against some worms and ssh attacks:)
> Donald.Smith at qwest.com giac
>
>> -----Original Message-----
>> From: nsp-security-bounces at puck.nether.net
>> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Mike Tancsa
>> Sent: Wednesday, September 10, 2008 8:28 AM
>> To: nsp-security at puck.nether.net
>> Subject: [nsp-sec] coordinated slow ssh crack attempts
>>
>> ----------- nsp-security Confidential --------
>>
>> It seems the IP addresses below are part of some
>> coordinated bruteforce ssh attack. The IPs below
>> each try a user once or twice (example below IP
>> list). It started at 0400 GMT today and is still continuing now.
>>
>>
>> # grep Invalid /var/log/auth.log | grep from |
>> awk '{print $10}' | sort | uniq | awk '{print
>> "whois -h whois.cymru.com "$1}' | sh | grep -v ^AS | sort -n
>> AS | IP | AS Name
>> 1221 | 121.223.232.208 | ASN-TELSTRA Telstra Pty Ltd
>> 1221 | 165.228.181.30 | ASN-TELSTRA Telstra Pty Ltd
>> 1221 | 165.228.206.192 | ASN-TELSTRA Telstra Pty Ltd
>> 2529 | 80.177.241.2 | DEMON-INTERNET Demon Internet
>> 2819 | 193.179.133.237 | GTSCZ GTS NOVERA (GTS CZ)
>> 2819 | 194.108.136.72 | GTSCZ GTS NOVERA (GTS CZ)
>> 2854 | 194.84.60.1 | ROSPRINT-AS &Equant Russia AS
>> 2856 | 81.149.101.27 | BT-UK-AS BTnet UK Regional network
>> 3209 | 213.23.22.123 | Arcor IP-Network
>> 3215 | 193.251.43.141 | AS3215 France Telecom - Orange
>> 3216 | 195.190.125.194 | SOVAM-AS Golden Telecom, Moscow, Russia
>> 3216 | 195.218.214.30 | SOVAM-AS Golden Telecom, Moscow, Russia
>> 3269 | 79.28.101.87 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 79.4.137.92 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 79.5.121.3 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 82.186.188.42 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 82.88.55.72 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 82.89.73.130 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 85.42.91.154 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 87.30.163.87 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 88.34.230.218 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 88.38.216.170 | ASN-IBSNAZ TELECOM ITALIA
>> 3269 | 88.62.90.211 | ASN-IBSNAZ TELECOM ITALIA
>> 3320 | 217.6.247.3 | DTAG Deutsche Telekom AG
>> 3320 | 217.86.190.118 | DTAG Deutsche Telekom AG
>> 3320 | 217.91.69.217 | DTAG Deutsche Telekom AG
>> 3320 | 80.153.127.226 | DTAG Deutsche Telekom AG
>> 3320 | 80.154.6.99 | DTAG Deutsche Telekom AG
>> 3320 | 87.139.4.1 | DTAG Deutsche Telekom AG
>> 3320 | 87.139.53.47 | DTAG Deutsche Telekom AG
>> 3352 | 217.126.120.153 |
>> TELEFONICA-DATA-ESPANA Internet Access Network of TDE
>> 3352 | 217.126.90.161 |
>> TELEFONICA-DATA-ESPANA Internet Access Network of TDE
>> 3352 | 80.24.86.80 |
>> TELEFONICA-DATA-ESPANA Internet Access Network of TDE
>> 3352 | 80.33.74.95 |
>> TELEFONICA-DATA-ESPANA Internet Access Network of TDE
>> 3352 | 80.39.105.189 |
>> TELEFONICA-DATA-ESPANA Internet Access Network of TDE
>> 3352 | 81.33.20.215 |
>> TELEFONICA-DATA-ESPANA Internet Access Network of TDE
>> 3352 | 81.33.4.161 |
>> TELEFONICA-DATA-ESPANA Internet Access Network of TDE
>> 3462 | 59.124.224.95 | HINET Data Communication Business Group
>> 3741 | 196.211.154.74 | IS
>> 3758 | 165.21.82.44 | ERX-SINGNET SingNet
>> 3786 | 210.124.36.46 | LGDACOM LG DACOM Corporation
>> 3790 | 196.40.71.237 | RADIGRAFICA COSTARRICENSE
>> 4134 | 117.32.128.141 | CHINANET-BACKBONE No.31,Jin-rong Street
>> 4134 | 121.33.199.37 | CHINANET-BACKBONE No.31,Jin-rong Street
>> 4134 | 121.33.199.39 | CHINANET-BACKBONE No.31,Jin-rong Street
>> 4134 | 121.33.199.40 | CHINANET-BACKBONE No.31,Jin-rong Street
>> 4134 | 122.224.128.212 | CHINANET-BACKBONE No.31,Jin-rong Street
>> 4134 | 58.223.242.246 | CHINANET-BACKBONE No.31,Jin-rong Street
>> 4181 | 69.128.70.86 | TDS-AS - TDS TELECOM
>> 4230 | 189.17.209.130 | Embratel
>> 4230 | 189.43.21.244 | Embratel
>> 4230 | 200.166.58.108 | Embratel
>> 4230 | 200.183.202.130 | Embratel
>> 4230 | 201.38.214.15 | Embratel
>> 4230 | 201.45.140.130 | Embratel
>> 4323 | 66.193.171.135 | TWTC - tw telecom holdings, inc.
>> 4538 | 166.111.68.183 | ERX-CERNET-BKB China
>> Education and Research Network Center
>> 4538 | 58.196.4.2 | ERX-CERNET-BKB China
>> Education and Research Network Center
>> 4589 | 213.201.150.218 | EASYNET Easynet Group Plc
>> 4618 | 203.154.155.19 | INET-TH-AS Internet Thailand
>> Company Limited
>> 4732 | 202.227.192.215 | DION KDDI CORPORATION
>> 4755 | 121.241.39.131 | TATACOMM-AS TATA
>> Communications formerly VSNL is Leading ISP
>> 4765 | 61.47.31.130 | WORLDNET-AS World Net & Services
>> Co., Ltd.
>> 4766 | 125.142.211.133 | KIXS-AS-KR Korea Telecom
>> 4766 | 211.35.142.37 | KIXS-AS-KR Korea Telecom
>> 4788 | 210.187.78.200 | TMNET-AS-AP TM Net, Internet
>> Service Provider
>> 4788 | 58.26.48.162 | TMNET-AS-AP TM Net, Internet
>> Service Provider
>> 4788 | 60.52.150.81 | TMNET-AS-AP TM Net, Internet
>> Service Provider
>> 4802 | 203.59.234.202 | ASN-IINET iiNet Limited
>> 4812 | 116.228.45.5 | CHINANET-SH-AP China Telecom (Group)
>> 4837 | 123.14.10.64 | CHINA169-BACKBONE CNCGROUP
>> China169 Backbone
>> 4837 | 218.28.143.246 | CHINA169-BACKBONE CNCGROUP
>> China169 Backbone
>> 4837 | 58.21.129.162 | CHINA169-BACKBONE CNCGROUP
>> China169 Backbone
>> 4854 | 210.15.195.222 | NETSPACE-AS-AP Netspace Online Systems
>> 5089 | 82.18.121.25 | NTL NTL Group Limited
>> 5462 | 92.236.53.54 | CABLEINET Telewest Broadband
>> 5483 | 81.183.215.188 | HTC-AS Hungarian Telecom
>> 5610 | 194.228.118.57 | TO2-CZECH-REPUBLIC Telefonica
>> O2, Czech Republic
>> 5617 | 79.188.29.182 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 79.190.8.138 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 80.53.113.142 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.12.137.44 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.14.130.34 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.14.217.242 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.15.23.250 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.17.26.90 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.18.101.134 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.18.167.180 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.18.194.52 | TPNET Polish Telecom_s
>> commercial IP network
>> 5617 | 83.19.207.210 | TPNET Polish Telecom_s
>> commercial IP network
>> 5669 | 212.168.161.23 | VIA-NET-WORKS-AS
>> PSINet Europe / VIA NET.WORKS international AS
>> 6128 | 69.27.242.70 | CABLE-NET-1 - Cablevision Systems Corp.
>> 6140 | 201.234.137.136 | IMPSAT-USA - ImpSat USA, Inc.
>> 6389 | 68.213.208.164 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
>> 6389 | 70.154.244.35 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
>> 6389 | 72.151.97.35 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
>> 6389 | 74.238.205.245 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
>> 6389 | 74.246.132.70 | BELLSOUTH-NET-BLK - BellSouth.net Inc.
>> 6429 | 190.54.35.179 | Telmex Chile Internet S.A.
>> 6429 | 200.29.135.50 | Telmex Chile Internet S.A.
>> 6429 | 200.29.169.170 | Telmex Chile Internet S.A.
>> 6458 | 201.216.160.186 | Telgua
>> 6471 | 200.72.207.130 | ENTEL CHILE S.A.
>> 6746 | 78.96.220.78 | ASTRAL ASTRAL Telecom SA, Romania
>> 6830 | 89.176.233.244 | UPC UPC Broadband
>> 6849 | 82.207.103.151 | UKRTELNET JSC UKRTELECOM,
>> 6871 | 84.92.176.223 | PLUSNET PlusNet PLC
>> 6981 | 70.46.14.34 | FDNCOM - FDN.com
>> 6981 | 70.46.140.187 | FDNCOM - FDN.com
>> 6981 | 72.17.248.251 | FDNCOM - FDN.com
>> 7132 | 69.217.30.214 | SBIS-AS - AT&T Internet Services
>> 7132 | 76.193.128.193 | SBIS-AS - AT&T Internet Services
>> 7545 | 123.243.125.149 | TPG-INTERNET-AP TPG Internet Pty Ltd
>> 7725 | 74.95.30.50 | CCH-AS7 - Comcast
>> Cable Communications Holdings, Inc
>> 8065 | 200.58.202.45 | EPM Telecomunicaciones S.A. E.S.P.
>> 8065 | 200.75.68.8 | EPM Telecomunicaciones S.A. E.S.P.
>> 8065 | 201.232.101.7 | EPM Telecomunicaciones S.A. E.S.P.
>> 8167 | 201.15.123.57 | TELESC - Telecomunicacoes de
>> Santa Catarina SA
>> 8167 | 201.25.144.18 | TELESC - Telecomunicacoes de
>> Santa Catarina SA
>> 8167 | 201.34.125.250 | TELESC - Telecomunicacoes de
>> Santa Catarina SA
>> 8190 | 135.196.168.36 | VIATEL Viatel European Backbone
>> 8220 | 62.72.110.203 | COLT COLT Telecommunications
>> 8220 | 87.241.33.10 | COLT COLT Telecommunications
>> 8286 | 212.14.40.1 | ACI-AS ACI Automous System
>> 8342 | 195.161.160.206 | RTCOMM-AS RTComm.RU Autonomous System
>> 8447 | 80.121.214.202 | TELEKOM-AT Telekom Austria
>> AutonomousSystem
>> 8514 | 62.99.214.107 | INODE UPC Austria GmbH
>> 8560 | 87.106.14.168 | ONEANDONE-AS 1&1 Internet AG
>> 8594 | 90.188.155.248 | OMSKELECOM Omsk
>> region Electric Communications Joint Stock Comp.
>> 8764 | 81.7.92.17 | TEOLTAB TEO LT AB Autonomous System
>> 8881 | 194.39.185.40 | VERSATEL Versatel Deutschland
>> 9121 | 88.250.224.99 | TTNET TTnet Autonomous System
>> 9145 | 85.16.66.141 | EWETEL EWE TEL GmbH
>> 9370 | 59.106.23.143 | SAKURA-B SAKURA Internet Inc.
>> 9498 | 59.145.225.3 | BBIL-AP BHARTI Airtel Ltd.
>> 9808 | 218.201.39.216 | CMNET-GD Guangdong Mobile
>> Communication Co.Ltd.
>> 9811 | 211.144.151.111 | BJGY srit corp.,beijing.
>> 10013 | 123.50.6.214 | FBDC FreeBit Co.,Ltd.
>> 10143 | 220.233.111.161 | EXETEL-AS-AP Exetel Pty Ltd
>> 10297 | 209.190.1.204 | COLUMBUSNAP - The
>> Columbus Network Access Point, Inc.
>> 10297 | 209.190.33.214 | COLUMBUSNAP - The
>> Columbus Network Access Point, Inc.
>> 10429 | 201.28.119.60 | Telefonica Empresas SA
>> 10429 | 201.28.216.115 | Telefonica Empresas SA
>> 10481 | 200.127.112.176 | Prima S.A.
>> 10620 | 200.118.119.48 | TV Cable S.A.
>> 11172 | 200.56.117.250 | Alestra
>> 11340 | 200.2.114.175 | Red Universitaria Nacional
>> 11556 | 190.34.172.5 | Cable & Wireless Panama
>> 12006 | 69.176.215.40 |
>> EUREKANETWORKS-AS-12006 - eLink Communications INC.
>> 12271 | 64.131.252.41 | SCRR-12271 - Road Runner HoldCo LLC
>> 12301 | 212.24.177.170 | INVITEL Invitel, Hungary
>> 12322 | 82.246.150.252 | PROXAD AS for Proxad/Free ISP
>> 12334 | 83.165.217.84 | AS R Cable y Telecomunicaciones
>> Galicia S.A.
>> 12386 | 88.87.195.14 | ASALPI Catalana de Telecomunicacions
>> 12620 | 62.48.116.233 | TICINOCOM Ticinocom SA
>> 12715 | 87.216.50.50 | JAZZNET Jazz Telecom S.A.
>> 12874 | 89.97.242.11 | FASTWEB Fastweb Autonomous System
>> 12874 | 89.97.62.16 | FASTWEB Fastweb Autonomous System
>> 12883 | 89.105.237.103 | FARLEP-AS Farlep-Internet ISP
>> 12946 | 85.152.35.2 | TELECABLE TELECABLE Autonomous System
>> 13110 | 62.21.4.75 | ICP-AS Internet Cable Provider network
>> 13301 | 85.14.218.104 | UNITEDCOLO-AS Autonomous System
>> of unitedcolo.de
>> 15467 | 62.112.222.9 | ENTERNET-LIBERCOM-AS Enternet
>> 2001 Ltd., Hungary
>> 15557 | 80.118.132.88 | LDCOMNET NEUF CEGETEL (formerly
>> LDCOM NETWORKS)
>> 15611 | 62.60.136.250 | Iranian Research
>> Organization for Science & Technology
>> 16287 | 87.103.215.30 | KUZBASSNET Kemerovo
>> regional branch of OJSC _Sibirtelecom_
>> 16586 | 74.60.31.80 | CLEARWIRE - Clearwire, LLC
>> 16735 | 200.170.141.134 | Companhia de Telecomunicacoes do
>> Brasil Central
>> 16810 | 76.160.167.251 | CAVTEL02 - Cavalier Telephone
>> 16814 | 190.210.29.149 | NSS S.A.
>> 17054 | 208.40.197.182 | AS17054 - CONTINENTAL BROADBAND
>> PENNSYLVANIA, INC.
>> 17184 | 74.7.213.142 | ATL-CBEYOND - CBEYOND COMMUNICATIONS, LLC
>> 17222 | 200.196.50.26 | Mundivox do Brasil Ltda.
>> 17816 | 221.4.104.101 | CHINA169-GZ CNCGROUP
>> IP network China169 Guangzhou MAN
>> 17964 | 218.241.129.42 | DXTNET Beijing
>> Dian-Xin-Tong Network Technologies Co., Ltd.
>> 17964 | 218.241.129.43 | DXTNET Beijing
>> Dian-Xin-Tong Network Technologies Co., Ltd.
>> 18403 | 210.245.52.85 | FPT-AS-AP The
>> Corporation for Financing & Promoting Technology
>> 18747 | 190.60.41.82 | IFX-NW - IFX Communication Ventures, Inc.
>> 18990 | 69.26.203.10 | AIRBAND-DALLAS - Airband
>> Communications, Inc
>> 19180 | 190.8.149.130 | AMERICATEL PERU S.A.
>> 19262 | 71.118.8.244 | VZGNI-TRANSIT - Verizon Internet
>> Services Inc.
>> 19262 | 71.166.159.177 | VZGNI-TRANSIT - Verizon Internet
>> Services Inc.
>> 19262 | 71.242.245.111 | VZGNI-TRANSIT - Verizon Internet
>> Services Inc.
>> 19262 | 96.225.194.10 | VZGNI-TRANSIT - Verizon Internet
>> Services Inc.
>> 19422 | 200.58.145.226 | Telefonica Moviles del Uruguay SA
>> 19429 | 200.93.147.114 | ETB - Colombia
>> 19429 | 65.167.61.106 | ETB - Colombia
>> 20676 | 212.202.242.170 | QSC-1 QSC AG
>> 20676 | 83.236.179.50 | QSC-1 QSC AG
>> 20959 | 80.207.171.46 |
>> TELECOM-ITALIA-DATA-COM This AS Number will be used by the
>> Datacom Network.
>> 21494 | 80.254.182.86 | GREEN green.ch AG, Brugg, Switzerland
>> 21687 | 64.72.87.100 | HVDN-ROUTING - Hudson Valley DataNet, LLC
>> 24679 | 83.246.95.74 | SSERV-AS Hostway Deutschland
>> GmbH (Server-Service)
>> 24962 | 77.91.130.109 | ASN-TSUKRAINE Telesystems of Ukraine
>> 25310 | 84.9.60.95 | ASN-CWACCESS Cable and Wireless
>> Access Ltd
>> 25832 | 200.187.4.4 | PRODEB
>> 27650 | 190.5.195.98 | EMTEL S.A. E.S.P.
>> 27699 | 189.47.132.97 | TELECOMUNICACOES DE SAO PAULO
>> S/A - TELESP
>> 27699 | 189.47.181.174 | TELECOMUNICACOES DE SAO PAULO
>> S/A - TELESP
>> 27699 | 200.207.80.9 | TELECOMUNICACOES DE SAO PAULO
>> S/A - TELESP
>> 27699 | 200.207.9.57 | TELECOMUNICACOES DE SAO PAULO
>> S/A - TELESP
>> 27724 | 189.36.160.62 | Nelson Quintas Telecom. do Brasil Ltda
>> 27879 | 190.15.193.42 | Informática y Telecomunicaciones S.A.
>> 28338 | 189.45.1.1 |
>> 28573 | 201.6.102.53 | NET Servicos de Comunicao S.A.
>> 28573 | 201.6.120.211 | NET Servicos de Comunicao S.A.
>> 28573 | 201.6.148.171 | NET Servicos de Comunicao S.A.
>> 29113 | 88.146.223.210 | SLOANE-AS Sloane
>> Park Property Trust, a.s. Autonomous System
>> 29194 | 83.151.14.162 | ASN-TVT TeleRadioCompany TVT
>> 31334 | 91.64.130.61 | KABELDEUTSCHLAND-AS
>> Kabel Deutschland Breitband Service GmbH
>> 33491 | 75.146.101.28 | DNEO-OSP7 - Comcast Cable
>> Communications, Inc.
>> 33588 | 69.144.192.34 | BRESNAN-AS - Bresnan Communications, LLC.
>> 33657 | 69.250.167.72 | DNEO-OSP7 - Comcast Cable
>> Communications, Inc.
>> 34315 | 85.93.97.50 | MAXNET-AS MAXNET Maxprogres, s.r.o.
>> 35612 | 88.149.158.50 | NGI-AS NGI Spa
>> 35612 | 88.149.192.134 | NGI-AS NGI Spa
>>
>> In the logs, we see something like this. Slow
>> enough as to not trip over our firewall rate limiting on the box.
>>
>> Sep 10 08:44:15 vinyl4 sshd[26636]: error: PAM:
>> authentication error for illegal user temporary from 121.33.199.37
>> Sep 10 08:44:48 vinyl4 sshd[26640]: error: PAM:
>> authentication error for illegal user christelle from 74.7.213.142
>> Sep 10 08:45:25 vinyl4 sshd[26652]: error: PAM:
>> authentication error for illegal user christelle from 88.34.230.218
>> Sep 10 08:45:29 vinyl4 sshd[26658]: error: PAM:
>> authentication error for illegal user christelle from 201.216.160.186
>> Sep 10 08:46:06 vinyl4 sshd[26676]: error: PAM:
>> authentication error for illegal user christelle from 189.43.21.244
>> Sep 10 08:46:19 vinyl4 sshd[26680]: error: PAM:
>> authentication error for illegal user christelle from 165.21.82.44
>> Sep 10 08:46:42 vinyl4 sshd[26687]: error: PAM:
>> authentication error for illegal user christelle from 62.72.110.203
>> Sep 10 08:47:22 vinyl4 sshd[26693]: error: PAM:
>> authentication error for illegal user christelle from 74.238.205.245
>> Sep 10 08:47:39 vinyl4 sshd[26698]: error: PAM:
>> authentication error for illegal user christelle from 218.201.39.216
>> Sep 10 08:48:09 vinyl4 sshd[26711]: error: PAM:
>> authentication error for illegal user christelle from 80.39.105.189
>> Sep 10 08:48:15 vinyl4 sshd[26715]: error: PAM:
>> authentication error for illegal user christelle from 210.245.52.85
>> Sep 10 08:48:49 vinyl4 sshd[26727]: error: PAM:
>> authentication error for illegal user christelle from 201.6.120.211
>> Sep 10 08:49:32 vinyl4 sshd[26732]: error: PAM:
>> authentication error for illegal user christelle from 190.5.195.98
>> Sep 10 08:50:19 vinyl4 sshd[26742]: error: PAM:
>> authentication error for illegal user christelle from 200.93.147.114
>> Sep 10 08:50:55 vinyl4 sshd[26756]: error: PAM:
>> authentication error for illegal user christelle from 190.210.29.149
>> Sep 10 08:52:05 vinyl4 sshd[26769]: error: PAM:
>> authentication error for illegal user christiane from 190.15.193.42
>> Sep 10 08:52:14 vinyl4 sshd[26772]: error: PAM:
>> authentication error for illegal user christiane from 194.108.136.72
>> Sep 10 08:52:44 vinyl4 sshd[26778]: error: PAM:
>> authentication error for illegal user christiane from 217.6.247.3
>> Sep 10 08:52:59 vinyl4 sshd[26782]: error: PAM:
>> authentication error for illegal user christiane from 83.151.14.162
>> Sep 10 08:53:30 vinyl4 sshd[26791]: error: PAM:
>> authentication error for illegal user christiane from 76.160.167.251
>> Sep 10 08:54:12 vinyl4 sshd[26798]: error: PAM:
>> authentication error for illegal user christiane from 80.154.6.99
>> Sep 10 08:54:45 vinyl4 sshd[26802]: error: PAM:
>> authentication error for illegal user christiane from 121.241.39.131
>> Sep 10 08:54:51 vinyl4 sshd[26806]: error: PAM:
>> authentication error for illegal user christiane from 210.124.36.46
>> Sep 10 08:55:30 vinyl4 sshd[26825]: error: PAM:
>> authentication error for illegal user christiane from 80.53.113.142
>> Sep 10 08:55:41 vinyl4 sshd[26829]: error: PAM:
>> authentication error for illegal user christiane from 87.139.4.1
>> Sep 10 08:56:07 vinyl4 sshd[26839]: error: PAM:
>> authentication error for illegal user christiane from 82.88.55.72
>> Sep 10 08:56:18 vinyl4 sshd[26845]: error: PAM:
>> authentication error for illegal user christiane from 84.92.176.223
>> Sep 10 08:57:30 vinyl4 sshd[26863]: error: PAM:
>> authentication error for illegal user christiane from 74.60.31.80
>> Sep 10 08:58:03 vinyl4 sshd[26872]: error: PAM:
>> authentication error for illegal user christine from 194.84.60.1
>> Sep 10 08:58:15 vinyl4 sshd[26877]: error: PAM:
>> authentication error for illegal user christine from 217.126.120.153
>> Sep 10 08:58:58 vinyl4 sshd[26885]: error: PAM:
>> authentication error for illegal user christine from 194.228.118.57
>> Sep 10 08:59:20 vinyl4 sshd[26889]: error: PAM:
>> authentication error for illegal user christine from 69.27.242.70
>> Sep 10 08:59:38 vinyl4 sshd[26894]: error: PAM:
>> authentication error for illegal user christine from 59.124.224.95
>> Sep 10 09:00:12 vinyl4 sshd[26927]: error: PAM:
>> authentication error for illegal user christine from 200.2.114.175
>> Sep 10 09:00:17 vinyl4 sshd[26930]: error: PAM:
>> authentication error for illegal user christine from 65.167.61.106
>> Sep 10 09:00:48 vinyl4 sshd[26937]: error: PAM:
>> authentication error for illegal user christine from 125.142.211.133
>> Sep 10 09:00:53 vinyl4 sshd[26949]: error: PAM:
>> authentication error for illegal user christine from 79.4.137.92
>> Sep 10 09:01:25 vinyl4 sshd[26967]: error: PAM:
>> authentication error for illegal user christine from 121.33.199.39
>> Sep 10 09:01:28 vinyl4 sshd[26970]: error: PAM:
>> authentication error for illegal user christine from 80.177.241.2
>> Sep 10 09:02:06 vinyl4 sshd[26983]: error: PAM:
>> authentication error for illegal user christine from 221.4.104.101
>> Sep 10 09:02:15 vinyl4 sshd[26991]: error: PAM:
>> authentication error for illegal user christine from 212.202.242.170
>> Sep 10 09:02:43 vinyl4 sshd[26997]: error: PAM:
>> authentication error for illegal user christine from 211.144.151.111
>> Sep 10 09:03:37 vinyl4 sshd[27005]: error: PAM:
>> authentication error for illegal user christine from 212.168.161.23
>> Sep 10 09:03:39 vinyl4 sshd[27009]: error: PAM:
>> authentication error for illegal user christine from 200.93.147.114
>> Sep 10 09:04:13 vinyl4 sshd[27018]: error: PAM:
>> authentication error for illegal user christine from 81.33.4.161
>>
>>
>> --------------------------------------------------------------------
>> Mike Tancsa, tel +1 519 651 3400
>> Sentex Communications, mike at sentex.net
>> Providing Internet since 1994 www.sentex.net
>> Cambridge, Ontario Canada www.sentex.net/mike
>>
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security
>> community. Confidentiality is essential for effective
>> Internet security counter-measures.
>> _______________________________________________
>>
>>
>
>
> This communication is the property of Qwest and may contain confidential or
> privileged information. Unauthorized use of this communication is strictly
> prohibited and may be unlawful. If you have received this communication
> in error, please immediately notify the sender by reply e-mail and destroy
> all copies of the communication and any attachments.
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
--
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
More information about the nsp-security
mailing list