Attempt to breakin

From: YouCanToo (dwmoar_at_findmoore.net)
Date: 07/08/05

• Next message: Eric Teuber: "Re: Attempt to breakin"
• Previous message: Clifford Kite: "Re: PPP server doesn`t assign an IP address"
• Next in thread: Eric Teuber: "Re: Attempt to breakin"
• Reply: Eric Teuber: "Re: Attempt to breakin"
• Reply: Unruh: "Re: Attempt to breakin"
• Reply: Todd Knarr: "Re: Attempt to breakin"
• Reply: Tauno Voipio: "Re: Attempt to breakin"
• Reply: Postmaster: "Re: Attempt to breakin"
• Reply: Rainer Krienke: "Re: Attempt to breakin"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Fri, 08 Jul 2005 09:18:42 -0700

Hi all,

     Can someone please help me better understand the following messages
from my server log and possibility point me in the direction to help
stop it in the future?

I think they have used just about every name in the dictionary

Thanks

Jul 6 21:37:48 findmoore sshd[7965]: Failed password for root from
61.80.30.13 port 42989 ssh2
Jul 6 21:37:53 findmoore sshd[7968]: Failed password for root from
61.80.30.13 port 42976 ssh2
Jul 6 21:37:54 findmoore sshd[7969]: Failed password for root from
61.80.30.13 port 42977 ssh2
Jul 6 21:37:56 findmoore sshd[7977]: Invalid user admin from 61.80.30.13
Jul 6 21:37:56 findmoore sshd[7977]: error: Could not get shadow
information for NOUSER
Jul 6 21:37:56 findmoore sshd[7977]: Failed password for invalid user
admin from 61.80.30.13 port 43272 ssh2
Jul 6 21:38:00 findmoore sshd[7988]: Invalid user david from 61.80.30.13

Jul 7 17:35:37 findmoore sshd[29816]: Failed password for root from
4.36.241.5 port 47369 ssh2
Jul 7 17:35:38 findmoore sshd[29820]: Invalid user backup from 4.36.241.5
Jul 7 17:35:38 findmoore sshd[29820]: error: Could not get shadow
information for NOUSER
Jul 7 17:35:38 findmoore sshd[29820]: Failed password for invalid user
backup from 4.36.241.5 port 47544 ssh2
Jul 7 17:35:40 findmoore sshd[29830]: Invalid user info from 4.36.241.5
Jul 7 17:35:40 findmoore sshd[29830]: error: Could not get shadow
information for NOUSER
Jul 7 17:35:40 findmoore sshd[29830]: Failed password for invalid user
info from 4.36.241.5 port 47595 ssh2
Jul 7 17:35:42 findmoore sshd[29832]: Invalid user shop from 4.36.241.5

Jul 7 20:14:30 findmoore sshd[15699]: Failed password for invalid user
network from 219.240.36.46 port 41960 ssh2
Jul 7 20:14:32 findmoore sshd[15701]: Invalid user word from 219.240.36.46
Jul 7 20:14:32 findmoore sshd[15701]: error: Could not get shadow
information for NOUSER
Jul 7 20:14:32 findmoore sshd[15701]: Failed password for invalid user
word from 219.240.36.46 port 42316 ssh2
Jul 7 20:14:34 findmoore sshd[15704]: Failed password for root from
219.240.36.46 port 42666 ssh2
Jul 7 20:14:37 findmoore sshd[15714]: Failed password for root from
219.240.36.46 port 43060 ssh2
Jul 7 20:14:39 findmoore sshd[15724]: Failed password for root from
219.240.36.46 port 43435 ssh2
Jul 7 20:14:41 findmoore sshd[15726]: Failed password for root from
219.240.36.46 port 43839 ssh2
Jul 7 20:14:43 findmoore sshd[15744]: Failed password for root from
219.240.36.46 port 44206 ssh2
Jul 7 20:14:45 findmoore sshd[15747]: Failed password for root from
219.240.36.46 port 44636 ssh2
Jul 7 20:14:47 findmoore sshd[15761]: Failed password for root from
219.240.36.46 port 44981 ssh2
Jul 7 20:14:49 findmoore sshd[15765]: Failed password for root from
219.240.36.46 port 45412 ssh2
Jul 7 20:14:51 findmoore sshd[15767]: Failed password for root from
219.240.36.46 port 45787 ssh2
Jul 7 20:14:53 findmoore sshd[15777]: Failed password for root from
219.240.36.46 port 46215 ssh2
Jul 7 20:14:55 findmoore sshd[15779]: Failed password for root from
219.240.36.46 port 46555 ssh2
Jul 7 20:14:57 findmoore sshd[15783]: Failed password for root from
219.240.36.46 port 46950 ssh2
Jul 7 20:15:00 findmoore sshd[15793]: Failed password for root from
219.240.36.46 port 47313 ssh2
Jul 7 20:15:02 findmoore sshd[15796]: Failed password for root from
219.240.36.46 port 47782 ssh2
Jul 7 20:15:04 findmoore sshd[15806]: Invalid user admin from 219.240.36.46

Jul 8 02:00:55 findmoore sshd[23479]: Failed password for invalid user
ellen from 147.46.9.218 port 45600 ssh2
Jul 8 02:00:57 findmoore sshd[23483]: Invalid user dexter from 147.46.9.218
Jul 8 02:00:57 findmoore sshd[23483]: error: Could not get shadow
information for NOUSER
Jul 8 02:00:57 findmoore sshd[23483]: Failed password for invalid user
dexter from 147.46.9.218 port 45660 ssh2
Jul 8 02:00:57 findmoore sshd[23486]: Invalid user emil from 147.46.9.218
Jul 8 02:00:57 findmoore sshd[23486]: error: Could not get shadow
information for NOUSER
Jul 8 02:00:57 findmoore sshd[23486]: Failed password for invalid user
emil from 147.46.9.218 port 45681 ssh2
Jul 8 02:00:58 findmoore sshd[23490]: Invalid user *** from 147.46.9.218
Jul 8 02:00:58 findmoore sshd[23490]: error: Could not get shadow
information for NOUSER

---

• Next message: Eric Teuber: "Re: Attempt to breakin"
• Previous message: Clifford Kite: "Re: PPP server doesn`t assign an IP address"
• Next in thread: Eric Teuber: "Re: Attempt to breakin"
• Reply: Eric Teuber: "Re: Attempt to breakin"
• Reply: Unruh: "Re: Attempt to breakin"
• Reply: Todd Knarr: "Re: Attempt to breakin"
• Reply: Tauno Voipio: "Re: Attempt to breakin"
• Reply: Postmaster: "Re: Attempt to breakin"
• Reply: Rainer Krienke: "Re: Attempt to breakin"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2005-07