[linux-l] Portscanner
Olaf Radicke
olaf_rad at gmx.de
Fri Oct 7 15:27:42 CEST 2005
On Friday, 7 October 2005 14:34, Manuel Tennert wrote:
[.. ]
> Hello Olaf,
>
> A question from me: how did you find that out?
Root gets e-mails from watchdog-d
> Through the logs?
The logs confirm it.
> If so,
> which ones did you look in and what did they contain?
<snip /var/log/secure>
[...]
Oct 5 01:11:04 localhost sshd[5725]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:11:06 localhost sshd[5725]: Failed password for invalid user
anonymous from ::ffff:72.20.1.66 port 47775 ssh2
[...]
Oct 5 01:11:20 localhost sshd[5735]: Invalid user mysql
from ::ffff:72.20.1.66
Oct 5 01:11:20 localhost sshd[5735]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:11:22 localhost sshd[5735]: Failed password for invalid user mysql
from ::ffff:72.20.1.66 port 49584 ssh2
Oct 5 01:11:24 localhost sshd[5738]: Invalid user mysql
from ::ffff:72.20.1.66
Oct 5 01:11:24 localhost sshd[5738]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:11:26 localhost sshd[5738]: Failed password for invalid user mysql
from ::ffff:72.20.1.66 port 50005 ssh2
Oct 5 01:11:28 localhost sshd[5741]: Invalid user mysql
from ::ffff:72.20.1.66
Oct 5 01:11:28 localhost sshd[5741]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:11:30 localhost sshd[5741]: Failed password for invalid user mysql
from ::ffff:72.20.1.66 port 50477 ssh2
[...]
Oct 5 01:12:08 localhost sshd[5763]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:10 localhost sshd[5763]: Failed password for root
from ::ffff:72.20.1.66 port 54930 ssh2
Oct 5 01:12:12 localhost sshd[5765]: Invalid user carol
from ::ffff:72.20.1.66
Oct 5 01:12:12 localhost sshd[5765]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:14 localhost sshd[5765]: Failed password for invalid user carol
from ::ffff:72.20.1.66 port 55310 ssh2
Oct 5 01:12:16 localhost sshd[5768]: Invalid user cesar
from ::ffff:72.20.1.66
Oct 5 01:12:16 localhost sshd[5768]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:18 localhost sshd[5768]: Failed password for invalid user cesar
from ::ffff:72.20.1.66 port 55760 ssh2
Oct 5 01:12:20 localhost sshd[5771]: Invalid user clark
from ::ffff:72.20.1.66
Oct 5 01:12:20 localhost sshd[5771]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:22 localhost sshd[5771]: Failed password for invalid user clark
from ::ffff:72.20.1.66 port 56390 ssh2
Oct 5 01:12:24 localhost sshd[5774]: Invalid user clinton
from ::ffff:72.20.1.66
Oct 5 01:12:24 localhost sshd[5774]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:26 localhost sshd[5774]: Failed password for invalid user clinton
from ::ffff:72.20.1.66 port 57754 ssh2
Oct 5 01:12:28 localhost sshd[5777]: Invalid user kayla
from ::ffff:72.20.1.66
Oct 5 01:12:28 localhost sshd[5777]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:30 localhost sshd[5777]: Failed password for invalid user kayla
from ::ffff:72.20.1.66 port 58254 ssh2
Oct 5 01:12:32 localhost sshd[5780]: Invalid user russ from ::ffff:72.20.1.66
Oct 5 01:12:32 localhost sshd[5780]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:34 localhost sshd[5780]: Failed password for invalid user russ
from ::ffff:72.20.1.66 port 58940 ssh2
Oct 5 01:12:36 localhost sshd[5783]: Invalid user white
from ::ffff:72.20.1.66
Oct 5 01:12:36 localhost sshd[5783]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:38 localhost sshd[5783]: Failed password for invalid user white
from ::ffff:72.20.1.66 port 59839 ssh2
Oct 5 01:12:40 localhost sshd[5786]: Invalid user danny
from ::ffff:72.20.1.66
Oct 5 01:12:40 localhost sshd[5786]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:42 localhost sshd[5786]: Failed password for invalid user danny
from ::ffff:72.20.1.66 port 60413 ssh2
Oct 5 01:12:44 localhost sshd[5789]: Invalid user filip
from ::ffff:72.20.1.66
Oct 5 01:12:44 localhost sshd[5789]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:46 localhost sshd[5789]: Failed password for invalid user filip
from ::ffff:72.20.1.66 port 32909 ssh2
Oct 5 01:12:48 localhost sshd[5792]: Invalid user stephanie
from ::ffff:72.20.1.66
Oct 5 01:12:48 localhost sshd[5792]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:50 localhost sshd[5792]: Failed password for invalid user
stephanie from ::ffff:72.20.1.66 port 33856 ssh2
Oct 5 01:12:52 localhost sshd[5795]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
Oct 5 01:12:54 localhost sshd[5795]: Failed password for root
from ::ffff:72.20.1.66 port 34395 ssh2
[...]
Oct 5 01:38:17 localhost sshd[7133]: Failed password for root
from ::ffff:72.20.1.66 port 49464 ssh2
Oct 5 01:38:18 localhost sshd[7253]: reverse mapping checking getaddrinfo
for . failed - POSSIBLE BREAKIN ATTEMPT!
[...]
<snap /var/log/secure>
Best regards
Olaf
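
Added example, not part of the original message: one way to condense a /var/log/secure excerpt like the one above into a per-source summary of failed SSH password attempts. The function names, the threshold and the sample lines (including the 192.0.2.10 entry) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Matches failed passwords for existing accounts and for "invalid user" names.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<addr>\S+) port \d+")
STAMP = re.compile(r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")

def normalize(addr):
    """Strip the IPv4-mapped IPv6 prefix (::ffff:) from a source address."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def unwrap(text):
    """Rejoin entries wrapped by a mail client: only lines that begin
    with a syslog timestamp start a new entry."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def summarize(text, threshold=3):
    """Per source with >= threshold failures: count, user names tried, and
    how many attempts used names sshd reported as invalid."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": 0})
    for entry in unwrap(text):
        m = FAILED.search(entry)
        if m:
            s = stats[normalize(m.group("addr"))]
            s["failures"] += 1
            s["users"].add(m.group("user"))
            s["invalid"] += bool(m.group("invalid"))
    return {ip: s for ip, s in stats.items() if s["failures"] >= threshold}

# Constructed sample in the excerpt's format, wrapped the way the mail is.
SAMPLE = """\
Oct 5 01:11:22 localhost sshd[5735]: Failed password for invalid user mysql
from ::ffff:72.20.1.66 port 49584 ssh2
Oct 5 01:12:10 localhost sshd[5763]: Failed password for root
from ::ffff:72.20.1.66 port 54930 ssh2
Oct 5 01:12:14 localhost sshd[5765]: Failed password for invalid user carol
from ::ffff:72.20.1.66 port 55310 ssh2
Oct 5 01:12:15 localhost sshd[5766]: Failed password for alice
from ::ffff:192.0.2.10 port 40000 ssh2
"""
print(summarize(SAMPLE))
```

A source that cycles through many distinct names, most of them invalid, within a minute or two is the pattern the excerpt shows; a single failure from another address stays below the threshold.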