[PLUG] Break in attempt?

Denis Heidtmann denis.heidtmann at gmail.com
Sun Feb 19 17:57:49 UTC 2012


On Sun, Feb 19, 2012 at 9:30 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> On Sun, 19 Feb 2012, Denis Heidtmann wrote:
>
>> I found that on Friday the auth.log shows many (over 300) messages such
>> as:
>>
>> 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!
>> Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
>> Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo
>> for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE
>> BREAK-IN ATTEMPT!
>
> Denis,
>
>   Almost every morning my ssh logs show cracking attempts: invalid user, bad
> password, reverse mapping failures, attempts to log in as postfix, dovecot,
> etc. I ignore them since they all failed. All I look for are ssh logins that
> succeeded: mine from my portable and my partner when we're sharing data.
>
>   Some days the log shows tens of thousands of attempts by script kiddies
> using password dictionaries and lists of login names. In 15 years no
> unauthorized user has cracked our network.
>
> Rich

I have heard this before from many people.  But this is the first time
it has happened to me.  It must be that the DSL connection was not
attractive to hackers.

Does this imply that the login attempt message I received was of a
different sort of attack?  My modem (not a router) has wireless that I
cannot turn off.

-Denis
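
The triage described in the quoted reply (set the failed attempts aside and look at the logins that succeeded), as an added example that is not part of the original thread. It goes one step further and marks any accepted login whose source address also produced failures; the regular expressions assume the stock OpenSSH message wording seen in the quoted log, and the "Failed password" and "Accepted" sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: the first two entries are the ones quoted in the thread
# (rejoined onto one line each); the "Failed password" and "Accepted" entries,
# the user name and the 192.0.2.10 documentation address are made up.
SAMPLE_LOG = """\
Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173
Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 17 16:56:17 R2D4 sshd[2651]: Failed password for invalid user test from 23.19.81.173 port 40112 ssh2
Feb 17 18:02:41 R2D4 sshd[2710]: Accepted password for denis from 192.0.2.10 port 51514 ssh2
"""

# Successful authentication: method, user, source address.
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")
# Noise from scanners; each pattern captures the source address.
FAILURES = [
    re.compile(r"sshd\[\d+\]: Invalid user \S+ from (\S+)"),
    re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from (\S+)"),
    re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for \S+ \[([^\]]+)\] failed"),
]

def triage(log_text):
    """Return (accepted logins, failure count per source address)."""
    accepted, failures = [], Counter()
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            method, user, src = m.groups()
            accepted.append({"when": line[:15], "user": user,
                             "src": src, "method": method})
            continue
        for pattern in FAILURES:
            m = pattern.search(line)
            if m:
                failures[m.group(1)] += 1
                break
    # A success from an address that was also guessing deserves a closer look.
    for login in accepted:
        login["src_also_failed"] = failures[login["src"]] > 0
    return accepted, failures

if __name__ == "__main__":
    logins, noise = triage(SAMPLE_LOG)
    for login in logins:
        print(login)
    print("failed attempts by source:", dict(noise))
```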


