[Primipassi] log of failed ssh attempts

Andrea Cataldi pischellinux@yahoo.it
Thu 8 Sep 2005 16:28:54 CEST


Hi leandro,

this is an excerpt from my logs:

***************************

Sep  8 12:53:49 MVS sshd[2782]: Could not reverse map address 211.218.242.189.
Sep  8 12:53:49 MVS sshd[2782]: User root not allowed because not listed in
AllowUsers
Sep  8 12:53:55 MVS sshd[2800]: Could not reverse map address 211.218.242.189.
Sep  8 12:53:55 MVS sshd[2800]: User root not allowed because not listed in
AllowUsers
Sep  8 12:54:01 MVS sshd[2802]: Could not reverse map address 211.218.242.189.
Sep  8 12:54:01 MVS sshd[2802]: User root not allowed because not listed in
AllowUsers
Sep  8 12:54:07 MVS sshd[2804]: Could not reverse map address 211.218.242.189.
Sep  8 12:54:07 MVS sshd[2804]: User root not allowed because not listed in
AllowUsers
Sep  8 12:54:13 MVS sshd[2806]: Could not reverse map address 211.218.242.189.
Sep  8 12:54:13 MVS sshd[2806]: User root not allowed because not listed in
AllowUsers
Sep  8 12:54:18 MVS sshd[2808]: Could not reverse map address 211.218.242.189.
Sep  8 12:54:18 MVS sshd[2808]: User root not allowed because not listed in
AllowUsers
Sep  8 12:54:29 MVS sshd[2810]: Could not reverse map address 211.218.242.189.
Sep  8 12:54:29 MVS sshd[2810]: User root not allowed because not listed in
AllowUsers

Sep  8 10:02:20 MVS sshd[27921]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:23 MVS sshd[27923]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:26 MVS sshd[27925]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:26 MVS sshd[27925]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:29 MVS sshd[27927]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:29 MVS sshd[27927]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:33 MVS sshd[27929]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:33 MVS sshd[27929]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:36 MVS sshd[27931]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:39 MVS sshd[27933]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:39 MVS sshd[27933]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:42 MVS sshd[27935]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:42 MVS sshd[27935]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:45 MVS sshd[27938]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:45 MVS sshd[27938]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:48 MVS sshd[27940]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:48 MVS sshd[27940]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:52 MVS sshd[27942]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:52 MVS sshd[27942]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:55 MVS sshd[27944]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:55 MVS sshd[27944]: User root not allowed because not listed in
AllowUsers
Sep  8 10:02:58 MVS sshd[27946]: Could not reverse map address 202.222.28.84.
Sep  8 10:02:58 MVS sshd[27946]: User root not allowed because not listed in
AllowUsers
Sep  8 10:03:01 MVS sshd[27948]: Could not reverse map address 202.222.28.84.
Sep  8 10:03:01 MVS sshd[27948]: User root not allowed because not listed in
AllowUsers
Sep  8 10:03:04 MVS sshd[27950]: Could not reverse map address 202.222.28.84.
Sep  8 10:03:04 MVS sshd[27950]: User root not allowed because not listed in
AllowUsers
Sep  8 10:03:07 MVS sshd[27952]: Could not reverse map address 202.222.28.84.
Sep  8 10:03:07 MVS sshd[27952]: User root not allowed because not listed in
AllowUsers
Sep  8 10:03:11 MVS sshd[27954]: Could not reverse map address 202.222.28.84.
Sep  8 10:03:11 MVS sshd[27954]: User root not allowed because not listed in
AllowUsers
Sep  8 10:03:14 MVS sshd[27956]: Could not reverse map address 202.222.28.84.
Sep  8 10:03:14 MVS sshd[27956]: User root not allowed because not listed in
AllowUsers
Sep  8 10:03:17 MVS sshd[27959]: Could not reverse map address 202.222.28.84.
***************************


Sep  7 15:04:13 MVS sshd[20685]: User root not allowed because not listed in
AllowUsers
Sep  7 15:04:19 MVS sshd[20687]: User root not allowed because not listed in
AllowUsers
Sep  7 15:04:24 MVS sshd[20689]: User root not allowed because not listed in
AllowUsers
Sep  7 15:04:59 MVS sshd[20703]: User www-data not allowed because not listed
in AllowUsers
Sep  7 15:05:22 MVS sshd[20712]: User nobody not allowed because not listed in
AllowUsers
Sep  7 15:05:27 MVS sshd[20714]: User root not allowed because not listed in
AllowUsers
Sep  7 15:05:32 MVS sshd[20716]: User backup not allowed because not listed in
AllowUsers
Sep  7 15:05:37 MVS sshd[20718]: User info not allowed because not listed in
AllowUsers
Sep  7 15:06:32 MVS sshd[20741]: User news not allowed because not listed in
AllowUsers
Sep  7 15:06:42 MVS sshd[20745]: User games not allowed because not listed in
AllowUsers
Sep  7 15:06:53 MVS sshd[20749]: User mail not allowed because not listed in
AllowUsers


In the last logs, since an attempt is made for the common users of a
Linux system, it is probably what you describe; for the
preceding logs I think there is greater malice...

Bye
Andrea

--- Leandro Noferini <lnoferin@cybervalley.org> wrote:

> On Wed, 07/09/2005 at 15.17 +0200, Andrea Cataldi wrote:
> 
> > At least one person a night tries to get into the little server
> > that I "manage". I would be curious to see what they try, among other things
> > to try to understand how dangerous the attempts are.
> 
> If you mean attacks of this kind:
> 1 bbs sshd: Failed password for illegal user greco
> from ::ffff:68.196.205.206 port 54055 ssh2
> 1 bbs sshd: Failed password for illegal user brambilla
> from ::ffff:68.196.205.206 port 54066 ssh2
> 1 bbs sshd: Failed password for illegal user ricci
> from ::ffff:68.196.205.206 port 54078 ssh2
> 1 bbs sshd: Failed password for illegal user gallo
> from ::ffff:68.196.205.206 port 54089 ssh2
> 
> they are not people but viruses (I don't remember the right term) that have
> infected computers, which probe ssh1 vulnerabilities (I think).
> 
> -- 
> Bye
> leandro
> ......and greetings to the brigadier
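Added example, not part of the original message: one way to summarize logs in the format quoted above is to rejoin the wrapped lines and pair each "Could not reverse map address" record with the "not allowed" record that carries the same sshd PID, so each source address maps to the set of account names it tried. The sample input is constructed and uses documentation-range addresses; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the thread, including the mail
# client's line wrapping; addresses are documentation ranges, not the post's.
SAMPLE = """\
Sep  8 12:53:49 MVS sshd[2782]: Could not reverse map address 192.0.2.10.
Sep  8 12:53:49 MVS sshd[2782]: User root not allowed because not listed in
AllowUsers
Sep  8 15:04:59 MVS sshd[20703]: Could not reverse map address 198.51.100.7.
Sep  8 15:04:59 MVS sshd[20703]: User www-data not allowed because not listed
in AllowUsers
Sep  8 15:05:22 MVS sshd[20712]: Could not reverse map address 198.51.100.7.
Sep  8 15:05:22 MVS sshd[20712]: User nobody not allowed because not listed in
AllowUsers
Sep  8 15:05:32 MVS sshd[20716]: User backup not allowed because not listed in
AllowUsers
"""

START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
EVENT = re.compile(r"sshd\[(\d+)\]: (.*)")
REVMAP = re.compile(r"Could not reverse map address ([\d.]+)\.$")
DENIED = re.compile(r"User (\S+) not allowed because not listed in AllowUsers")

def unwrap(text):
    """Rejoin records that were wrapped onto a continuation line."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return {source IP: set of rejected user names}, joined on the sshd PID."""
    ip_by_pid, users = {}, defaultdict(set)
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if not m:
            continue
        pid, msg = m.groups()
        if (r := REVMAP.search(msg)):
            ip_by_pid[pid] = r.group(1)  # each connection is handled by its own sshd child
        elif (d := DENIED.search(msg)):
            # Excerpts without a reverse-map line for that PID land under "unknown".
            users[ip_by_pid.get(pid, "unknown")].add(d.group(1))
    return dict(users)
```

An address whose set is only `root` corresponds to the first kind of excerpt in the message, while one that walks through several system accounts corresponds to the last.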