From: D.Maznekov /O. Co./ <d.m...@op...> - 2006-12-17 09:45:55
I have been using DH on my Slackware GW for a long time. But from a few versions ago up to the latest one I see something strange. These are the conclusions from LogWatch, which I use too. Let's see the message from it:

 --------------------- SSHD Begin ------------------------

 Didn't receive an ident from these IPs:
    194.150.121.42: 1 Time(s)
    210.188.218.88: 1 Time(s)
    211.75.63.196: 2 Time(s)
    212.52.133.242: 1 Time(s)
    222.128.249.121: 1 Time(s)
    74-130-120-232.dhcp.insightbb.com (74.130.120.232): 1 Time(s)
    80.96.76.4: 2 Time(s)

 Failed logins from these:
    adm/password from 210.188.218.88: 1 Time(s)
    adm/password from 212.52.133.242: 1 Time(s)
    bin/password from 210.188.218.88: 1 Time(s)
    bin/password from 212.52.133.242: 1 Time(s)
    bin/password from 74.130.120.232: 1 Time(s)
    daemon/password from 210.188.218.88: 1 Time(s)
    daemon/password from 212.52.133.242: 1 Time(s)
    ftp/password from 210.188.218.88: 1 Time(s)
    ftp/password from 211.75.63.196: 4 Time(s)
    ftp/password from 212.52.133.242: 1 Time(s)
    ftp/password from 74.130.120.232: 1 Time(s)
    games/password from 210.188.218.88: 1 Time(s)
    games/password from 212.52.133.242: 1 Time(s)
    halt/password from 210.188.218.88: 1 Time(s)
    halt/password from 212.52.133.242: 1 Time(s)
    invalid user abc (password) from 211.75.63.196: 4 Time(s)
    invalid user adam (password) from 210.188.218.88: 1 Time(s)
    invalid user adam (password) from 212.52.133.242: 1 Time(s)
    invalid user admin (password) from 194.150.121.42: 2 Time(s)
    invalid user admin (password) from 210.188.218.88: 7 Time(s)
    invalid user admin (password) from 211.75.63.196: 4 Time(s)
    invalid user admin (password) from 212.52.133.242: 27 Time(s)
    invalid user admin (password) from 74.130.120.232: 1 Time(s)
    invalid user administrator (password) from 194.150.121.42: 2 Time(s)
    invalid user administrator (password) from 210.188.218.88: 1 Time(s)
    invalid user administrator (password) from 212.52.133.242: 1 Time(s)
    invalid user admins (password) from 210.188.218.88: 2 Time(s)
    invalid user admins (password) from 212.52.133.242: 2 Time(s)
    invalid user ads (password) from 211.75.63.196: 4 Time(s)

...and many more lines like this.

So, DH punishes the hosts in "Didn't receive an ident from these IPs" and sends me an e-mail. But the others? Real dictionary attacks?

Does anyone have the same problem? Please advise how to proceed.

Regards,
Topper