Re: [SLE] Think I've been cracked... not certain

From: Rhugga (suse-list_at_sandiego420.com)
Date: 07/31/04

    Date: Fri, 30 Jul 2004 16:47:45 -0700
    To: C Hamel <vgm2@sc2000.net>
    
    

    C Hamel wrote:

    >I have never before seen this. I have the firewall engaged. Not certain what
    >to make of it. All I know is that my internet connection went down the last
    >two times of the three this happened, and has been a little flakey all day
    >long.
    >====
    >Jul 29 05:30:53 linux sshd[6054]: Illegal user test from 163.19.207.248
    >Jul 29 05:30:53 linux sshd[6054]: input_userauth_request: illegal user test
    >Jul 29 05:30:53 linux sshd[6054]: Failed password for illegal user test from
    >163.19.207.248 port 55657 ssh2
    >Jul 29 05:30:53 linux sshd[6054]: Received disconnect from 163.19.207.248: 11:
    >Bye Bye
    >Jul 29 05:30:59 linux sshd[6055]: Illegal user guest from 163.19.207.248
    >Jul 29 05:30:59 linux sshd[6055]: input_userauth_request: illegal user guest
    >Jul 29 05:30:59 linux sshd[6055]: Failed password for illegal user guest from
    >163.19.207.248 port 55662 ssh2
    >Jul 29 05:31:00 linux sshd[6055]: Received disconnect from 163.19.207.248: 11:
    >Bye Bye
    >
    >
    >
    Use snort or tcpdump to really see what's going on. If this is the only
    attack you are seeing against your box, it is likely some script
    kiddie's playing with all the hackware out there. (because these attacks
    are blatantly simple and sshd is the last service a true hacker would
    target being there are so many easier services to target)

    What you really wanna watch out for are the ICMP and UDP type attacks
    you will only detect using snort or tcpdump. (which is what snort uses)
    This is where the real threat lies.....

    -rhugga
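
For the question in the subject line, the sshd log itself shows whether any of the guesses worked. The following is an added example, not part of either poster's message: it groups sshd results by source address using the log lines quoted above, with the function names `summarize` and `verdict` chosen here for illustration.

```python
import re
from collections import defaultdict

# The sshd lines from the quoted message, with the mail client's line wraps undone.
SAMPLE_LOG = """\
Jul 29 05:30:53 linux sshd[6054]: Illegal user test from 163.19.207.248
Jul 29 05:30:53 linux sshd[6054]: input_userauth_request: illegal user test
Jul 29 05:30:53 linux sshd[6054]: Failed password for illegal user test from 163.19.207.248 port 55657 ssh2
Jul 29 05:30:53 linux sshd[6054]: Received disconnect from 163.19.207.248: 11: Bye Bye
Jul 29 05:30:59 linux sshd[6055]: Illegal user guest from 163.19.207.248
Jul 29 05:30:59 linux sshd[6055]: input_userauth_request: illegal user guest
Jul 29 05:30:59 linux sshd[6055]: Failed password for illegal user guest from 163.19.207.248 port 55662 ssh2
Jul 29 05:31:00 linux sshd[6055]: Received disconnect from 163.19.207.248: 11: Bye Bye
"""

# Older sshd writes "illegal user"; later OpenSSH releases write "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?P<unknown>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def summarize(log_text):
    """Group sshd authentication results by source address."""
    sources = defaultdict(lambda: {"failed": 0, "unknown_users": set(),
                                   "known_users": set(), "accepted": []})
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            entry = sources[m["ip"]]
            entry["failed"] += 1
            bucket = "unknown_users" if m["unknown"] else "known_users"
            entry[bucket].add(m["user"])
        elif m := ACCEPTED.search(line):
            sources[m["ip"]]["accepted"].append(m["user"])
    return dict(sources)


def verdict(entry):
    """Classify one source: a success after failures is what needs follow-up."""
    if entry["accepted"] and entry["failed"]:
        return "login succeeded after failures: investigate"
    if entry["failed"]:
        return "guessing only: no successful login"
    return "normal login"


if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, entry["failed"], sorted(entry["unknown_users"]), verdict(entry))
```

On the quoted lines this reports two failed guesses against nonexistent accounts and no accepted login from that address.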
