[PLUG] Break in attempt?

Denis Heidtmann denis.heidtmann at gmail.com
Sun Feb 19 17:17:01 UTC 2012


I did something stupid. Yesterday (Saturday) evening a window popped
up saying someone wanted to log in.  I permitted it thinking it was my
son.  Within two minutes I found out that it was not he, so I shut
down.

This morning I perused the logs (network off).  I found that on Friday
the auth.log shows many (over 300) messages such as:

23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!

Where "rookie" changed to many different names.

Background: On Friday I changed from DSLnorthwest to Comcast.  The
Comcast installation was completed just before noon on Friday.  When
the tech set up the machine he attempted to install some software, but
he said it failed.  He said they have software for Windows and Mac.  I
wonder if anything nasty was stuck on the machine at that time, or if
Comcast was attempting to do the failed installation.

Advice?

-Denis
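
An added triage example, not part of the original post: it tallies the sshd events seen in the log excerpt per source address and lists any address that failed and then logged in, which is the case to rule out after a run of "Invalid user" lines. Every sample line except the first two, the user alice and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. The first two entries follow the post; the rest are made
# up and use documentation addresses (192.0.2.0/24, 203.0.113.0/24).
SAMPLE = [
    "Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173",
    "Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo for "
    "23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Feb 17 16:56:17 R2D4 sshd[2651]: Invalid user guest from 23.19.81.173",
    "Feb 17 16:56:20 R2D4 sshd[2651]: Failed password for invalid user guest from 23.19.81.173 port 40022 ssh2",
    "Feb 18 09:12:40 R2D4 sshd[2900]: Failed password for alice from 203.0.113.9 port 50111 ssh2",
    "Feb 18 09:12:55 R2D4 sshd[2900]: Accepted password for alice from 203.0.113.9 port 50111 ssh2",
    "Feb 18 20:01:02 R2D4 sshd[3001]: Accepted publickey for alice from 192.0.2.44 port 51234 ssh2",
    # Remote-chosen username that imitates a success line; must count as invalid.
    "Feb 18 21:00:00 R2D4 sshd[3100]: Invalid user Accepted password for root from 23.19.81.173",
]

# Patterns are matched at the START of the sshd message, so text inside a
# remote-supplied username cannot be mistaken for a different event.
PREFIX = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: (.*)$")
EVENTS = {
    "invalid_user": re.compile(r"Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?$"),
    "failed": re.compile(r"Failed \S+ for (?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+"),
    "accepted": re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"),
    # Logged when the PTR name does not resolve back to the connecting address.
    "rdns_mismatch": re.compile(r"reverse mapping checking getaddrinfo for \S+ \[(?P<ip>[^\]]+)\] failed"),
}

def summarize(lines):
    """Return {ip: counters} for the sshd events above."""
    new = lambda: {"invalid_user": 0, "failed": 0, "accepted": 0,
                   "rdns_mismatch": 0, "tried": set(), "logged_in": set()}
    stats = defaultdict(new)
    for line in lines:
        head = PREFIX.match(line)
        if not head:
            continue
        for kind, pattern in EVENTS.items():
            ev = pattern.match(head.group(1))
            if ev:
                entry = stats[ev.group("ip")]
                entry[kind] += 1
                if kind != "rdns_mismatch":
                    entry["logged_in" if kind == "accepted" else "tried"].add(ev.group("user"))
                break
    return dict(stats)

def guessed_then_logged_in(stats):
    """Addresses with failed or invalid attempts AND at least one accepted login."""
    return sorted(ip for ip, s in stats.items()
                  if s["accepted"] and (s["failed"] or s["invalid_user"]))
```

An address in the second function's output is not proof of compromise (a mistyped password produces the same pattern), but an address with many tried names and no accepted login, like the one in the post, was only guessing.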


