Re: security question
From: ynotssor (ynotssor_at_example.net)
Date: 06/09/05
- Next message: Tommy Reynolds: "Re: what does a high value in vmstat b column mean?"
- Previous message: Malick: "Re: security question"
- In reply to: Paul O'Donnell: "security question"
- Next in thread: Moe Trin: "Re: security question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 9 Jun 2005 09:37:06 -0700
"Paul O'Donnell" <odonnellp@rogers.com> wrote in message
news:gYadnR44xu1M1zXfRVn-pw@rogers.com...
> Jun 8 11:58:01 cpe0010dcfc5db5-cm024350002546 sshd[4146]: Failed
> password for root from 202.134.124.150 port 51550 ssh2
>
> Does this mean that someone from 202.134.124.150 is trying to hack into
> my system? Out of curiosity I visited the ip address and found it to be
> http://www.wmg-group.com/index.asp. I have never visited this site in my
> life.
>
> What does this mean?
The IP address 202.134.124.150 probably redirects HTTP requests on port 80
to some webserver which is hosting a web presence for wmg-group.com. The
address may be just a NAT for a larger network behind it, any of which
machines may be the guilty party for the ssh root login attempts of your
machine.
As another poster pointed out, the address belongs to:
Domain Name: UNISITE.NET
Registrant:
Unisite Internet Presence Provider
6A, Hang Seng Building,
289 Sha Tsui Road,
Tsuen Wan,
N.T.,, - -
HK
As long as you open your port 22 to the world, you will have endless numbers
of these attempts. You should only open the ports for access to specific
machines or networks that need the access.
- Next message: Tommy Reynolds: "Re: what does a high value in vmstat b column mean?"
- Previous message: Malick: "Re: security question"
- In reply to: Paul O'Donnell: "security question"
- Next in thread: Moe Trin: "Re: security question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
