Re: [SLUG] Crack Attempts

From: Chuck Hast (wchast@gmail.com)
Date: Fri Jul 15 2005 - 12:09:16 EDT


On 7/15/05, Steven Buehler <swbuehler@gmail.com> wrote:
>
> On Jul 15, 2005, at 10:32 AM, steve szmidt wrote:
>
> > Jul 1 21:54:28 fpac-dev sshd[12883]: Illegal user administrator from
> > 219.198.120.65
> >
> > [The above line says on July 1st at 9:54pm the computer called fpac-dev
> > got a report from sshd that an illegal login attempt was made to root.
> > Following it down below we see that it came from 219.198.120.65, which
> > belongs to somewhere in Asia-Pacific. I usually don't have much luck
> > with people from there.]
>
> Angel:~ steven$ host 219.198.120.65
> 65.120.198.219.in-addr.arpa domain name pointer
> YahooBB219198120065.bbtec.net.
>
> Traceroute to this address as follows (after my local
> network)...somewhere after it leaves the Verio backbone it jumps to a
> private network (10.* addresses are reserved for IANA special use).
>
> I'd suggest forwarding this log file to the FBI, who has finally
> started getting interested in this sort of thing.
>
> 5 pop1-tby-p0-1.atdn.net (66.185.136.169) 11.374 ms 12.781 ms
> 17.431 ms
> 6 bb1-tby-p0-2.atdn.net (66.185.136.164) 58.661 ms 145.851 ms
> 197.657 ms
> 7 bb2-atm-p7-0.atdn.net (66.185.152.245) 28.953 ms 34.383 ms
> 29.991 ms
> 8 bb2-cha-p6-0.atdn.net (66.185.152.31) 34.338 ms 35.051 ms
> 33.595 ms
> 9 bb2-ash-p13-0.atdn.net (66.185.152.50) 47.082 ms 46.957 ms
> 45.497 ms
> 10 pop3-ash-p1-0.atdn.net (66.185.148.211) 48.875 ms 155.581 ms
> 45.287 ms
> 11 verio.atdn.net (66.185.140.242) 43.868 ms 55.302 ms 45.652 ms
> 12 p16-0-1-2.r20.plalca01.us.bb.verio.net (129.250.2.192) 93.495
> ms 97.069 ms 93.166 ms
> 13 xe-0-2-0.r21.plalca01.us.bb.verio.net (129.250.4.231) 92.600 ms
> p64-0-0-0.r20.snjsca04.us.bb.verio.net (129.250.2.71) 92.537 ms
> 92.698 ms
> 14 p64-0-0-0.r21.mlpsca01.us.bb.verio.net (129.250.5.49) 97.492 ms
> p64-2-0-0.r21.mlpsca01.us.bb.verio.net (129.250.3.42) 94.827 ms
> 97.394 ms
> 15 p64-0-1-0.r21.tokyjp01.jp.bb.verio.net (129.250.3.206) 222.970
> ms 221.650 ms 220.307 ms
> 16 * xe-1-0-0.a20.tokyjp01.jp.ra.verio.net (61.213.162.234) 221.259
> ms 224.558 ms
> 17 xe-2-1-0.a20.tokyjp01.jp.ra.verio.net (61.120.145.94) 219.651
> ms 220.559 ms 220.368 ms
> 18 10.0.129.109 (10.0.129.109) 220.994 ms 218.230 ms 219.276 ms
> 19 10.0.129.74 (10.0.129.74) 331.897 ms 262.699 ms 415.195 ms
> 20 10.8.17.2 (10.8.17.2) 223.332 ms 219.952 ms 221.509 ms
> 21 10.199.3.178 (10.199.3.178) 221.497 ms 222.201 ms 220.010 ms
> 22 10.199.3.1 (10.199.3.1) 208.526 ms 207.471 ms 208.051 ms
> 23 10.199.3.166 (10.199.3.166) 220.091 ms 219.865 ms 219.909 ms
> 24 10.199.3.5 (10.199.3.5) 207.290 ms 206.546 ms 207.915 ms
> 25 10.199.3.70 (10.199.3.70) 221.310 ms 219.853 ms 220.468 ms
> 26 10.199.2.50 (10.199.2.50) 219.959 ms 221.155 ms 221.383 ms
> 27 * * *
> 28 * * *
> 29 * * *
> 30 * * *
> 31 * * *

Who do I contact at the FBI? Given that this machine and many more like
it will be used to form part of a network for disaster recovery, we would like
to at least get someone interested in this. These things are going to be off
in remote places, so we need to be able to get into them to admin them
remotely, and we do not want to have to put up with these turkeys trying to
crack into them. Probably going to have to live with it, but it would be nice to
grab a few by the throat and do something unprintable to them.

-- 
Chuck Hast 
To paraphrase my flight instructor:
"the only dumb question is the one you DID NOT ask resulting in my going
out and having to identify your bits and pieces in the midst of torn
and twisted metal."
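The "Illegal user ... from ..." line quoted in this thread is the signature of a scanner cycling through usernames. As an added example (not part of the original thread or any list member's code), the Python script below parses such sshd lines and flags sources that produce several illegal-user attempts in a short window. Only the first sample line comes from the thread; the other log lines, the threshold and the window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log in the syslog format seen in the thread.
# Only the first line is from the original message; the rest are made up.
SAMPLE_LOG = """\
Jul 1 21:54:28 fpac-dev sshd[12883]: Illegal user administrator from 219.198.120.65
Jul 1 21:54:31 fpac-dev sshd[12885]: Illegal user admin from 219.198.120.65
Jul 1 21:54:35 fpac-dev sshd[12887]: Illegal user test from 219.198.120.65
Jul 1 21:55:02 fpac-dev sshd[12890]: Illegal user guest from 219.198.120.65
Jul 1 22:10:11 fpac-dev sshd[12901]: Accepted publickey for chuck from 192.0.2.10 port 51022 ssh2
Jul 1 22:15:40 fpac-dev sshd[12905]: Illegal user oracle from 198.51.100.7
"""

# Syslog timestamp, host, sshd[pid], then the "Illegal user X from IP" message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Illegal user (?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse_illegal_users(text, year=2005):
    """Yield (timestamp, username, source_ip) for every 'Illegal user' line.
    Syslog lines carry no year, so one is supplied (assumed 2005 here)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # accepted logins and other sshd noise are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["src"]

def flag_bruteforce(text, threshold=3, window_seconds=300):
    """Return {source_ip: sorted usernames tried} for every source that made
    at least `threshold` illegal-user attempts within any `window_seconds` span.
    Threshold and window are assumed tuning values, not from the thread."""
    by_src = defaultdict(list)
    for ts, user, src in parse_illegal_users(text):
        by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()  # chronological, so a sliding window of `threshold` works
        for i in range(len(events) - threshold + 1):
            span = (events[i + threshold - 1][0] - events[i][0]).total_seconds()
            if span <= window_seconds:
                flagged[src] = sorted({u for _, u in events})
                break
    return flagged

if __name__ == "__main__":
    for src, users in flag_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {len(users)} usernames tried -> {', '.join(users)}")
```

A single lonely "Illegal user" line (198.51.100.7 in the sample) is not flagged; only the source that cycles through several usernames inside the window is.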

----------------------------------------------------------------------- This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:46:26 EDT