Re: [SLUG] Crack Attempts

From: Steven Buehler (swbuehler@gmail.com)
Date: Fri Jul 15 2005 - 11:31:38 EDT


On Jul 15, 2005, at 10:32 AM, steve szmidt wrote:

> Jul 1 21:54:28 fpac-dev sshd[12883]: Illegal user administrator from 219.198.120.65
>
> [The above line says on July 1st at 9:54pm the computer called fpac-dev got a
> report from sshd that an illegal login attempt was made to root. Following it
> down below we see that it came from 219.198.120.65. Which belongs to
> somewhere in Asia-Pacific. I usually don't have much luck with people from
> there.]

Angel:~ steven$ host 219.198.120.65
65.120.198.219.in-addr.arpa domain name pointer YahooBB219198120065.bbtec.net.

Traceroute to this address as follows (after my local
network)...somewhere after it leaves the Verio backbone it jumps to a
private network (10.* addresses are reserved for IANA special use).

I'd suggest forwarding this log file to the FBI, who has finally
started getting interested in this sort of thing.

 5 pop1-tby-p0-1.atdn.net (66.185.136.169) 11.374 ms 12.781 ms 17.431 ms
 6 bb1-tby-p0-2.atdn.net (66.185.136.164) 58.661 ms 145.851 ms 197.657 ms
 7 bb2-atm-p7-0.atdn.net (66.185.152.245) 28.953 ms 34.383 ms 29.991 ms
 8 bb2-cha-p6-0.atdn.net (66.185.152.31) 34.338 ms 35.051 ms 33.595 ms
 9 bb2-ash-p13-0.atdn.net (66.185.152.50) 47.082 ms 46.957 ms 45.497 ms
10 pop3-ash-p1-0.atdn.net (66.185.148.211) 48.875 ms 155.581 ms 45.287 ms
11 verio.atdn.net (66.185.140.242) 43.868 ms 55.302 ms 45.652 ms
12 p16-0-1-2.r20.plalca01.us.bb.verio.net (129.250.2.192) 93.495 ms 97.069 ms 93.166 ms
13 xe-0-2-0.r21.plalca01.us.bb.verio.net (129.250.4.231) 92.600 ms
   p64-0-0-0.r20.snjsca04.us.bb.verio.net (129.250.2.71) 92.537 ms 92.698 ms
14 p64-0-0-0.r21.mlpsca01.us.bb.verio.net (129.250.5.49) 97.492 ms
   p64-2-0-0.r21.mlpsca01.us.bb.verio.net (129.250.3.42) 94.827 ms 97.394 ms
15 p64-0-1-0.r21.tokyjp01.jp.bb.verio.net (129.250.3.206) 222.970 ms 221.650 ms 220.307 ms
16 * xe-1-0-0.a20.tokyjp01.jp.ra.verio.net (61.213.162.234) 221.259 ms 224.558 ms
17 xe-2-1-0.a20.tokyjp01.jp.ra.verio.net (61.120.145.94) 219.651 ms 220.559 ms 220.368 ms
18 10.0.129.109 (10.0.129.109) 220.994 ms 218.230 ms 219.276 ms
19 10.0.129.74 (10.0.129.74) 331.897 ms 262.699 ms 415.195 ms
20 10.8.17.2 (10.8.17.2) 223.332 ms 219.952 ms 221.509 ms
21 10.199.3.178 (10.199.3.178) 221.497 ms 222.201 ms 220.010 ms
22 10.199.3.1 (10.199.3.1) 208.526 ms 207.471 ms 208.051 ms
23 10.199.3.166 (10.199.3.166) 220.091 ms 219.865 ms 219.909 ms
24 10.199.3.5 (10.199.3.5) 207.290 ms 206.546 ms 207.915 ms
25 10.199.3.70 (10.199.3.70) 221.310 ms 219.853 ms 220.468 ms
26 10.199.2.50 (10.199.2.50) 219.959 ms 221.155 ms 221.383 ms
27 * * *
28 * * *
29 * * *
30 * * *
31 * * *

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
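
Added example (not part of the original message or the list archive): a small Python pass over sshd syslog lines of the kind quoted above, grouping unknown-user attempts by source address. The first sample line is the one from the message; the other lines, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "Illegal user" is the wording on the page; later OpenSSH releases log
# "Invalid user" and may append "port N". The pattern is anchored at the end
# of the line so the address sshd wrote last wins, even if the attempted
# username itself contains the text " from <address>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user (?P<user>.*?) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

# First line is the one quoted in the message; the rest are constructed
# samples that use documentation address ranges.
SAMPLE_LOG = """\
Jul  1 21:54:28 fpac-dev sshd[12883]: Illegal user administrator from 219.198.120.65
Jul  1 21:54:31 fpac-dev sshd[12885]: Illegal user admin from 192.0.2.10
Jul  1 21:54:33 fpac-dev sshd[12887]: Illegal user guest from 192.0.2.10
Jul  1 21:54:36 fpac-dev sshd[12889]: Illegal user x from 198.51.100.99 from 192.0.2.10
Jul  1 21:55:02 fpac-dev sshd[12893]: Accepted password for steve from 192.0.2.77 port 40022 ssh2
Jul  1 21:55:40 fpac-dev sshd[12897]: Invalid user test from 203.0.113.5 port 51514
"""

def summarize(lines):
    """Group unknown-user sshd attempts by source address."""
    by_ip = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        entry = by_ip[m["ip"]]
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(by_ip)

def flagged(summary, threshold=3):
    """Addresses with at least `threshold` attempts, sorted (threshold is an assumption)."""
    return sorted(ip for ip, e in summary.items() if e["count"] >= threshold)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for ip, e in summary.items():
        print(f"{ip:15} {e['count']} attempt(s) {e['first']} .. {e['last']} "
              f"users={sorted(e['users'])}")
    print("over threshold:", flagged(summary))
```

The fourth sample line shows why the address is taken from the end of the line: the embedded 198.51.100.99 is part of the attempted username, not the connection's source.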


