Re: WATCH FOR A HACKER!!!

From: Royce Williams <royce@alaska.net>
Date: Mon Oct 18 2004 - 00:08:46 AKDT

Damien Hull wrote, On 10/17/2004 10:02 PM:

> I'm sitting here surfing the net. My DSL modem is right next to me. I
> happened to see traffic going through when there shouldn't have been.
>
> I did a "netstat -ta" to see if anything on my box was connecting to the
> net. What I found was much worse. I saw an ssh connection from my box to
> an IP address I have never seen.
>
> Here's what I found in /var/log/messages.
> Oct 17 21:40:33 tower1 sshd[31174]: Failed password for test from 218.21.78.22 port 3716 ssh2

Me, too -- same IP address, only a couple of hours later:

Oct 17 23:47:57 demerzel sshd[11721]: Illegal user test from 218.21.78.22
Oct 17 23:48:01 demerzel sshd[11723]: Illegal user guest from 218.21.78.22
Oct 17 23:48:05 demerzel sshd[11725]: Illegal user admin from 218.21.78.22
Oct 17 23:48:09 demerzel sshd[11727]: Illegal user admin from 218.21.78.22
Oct 17 23:48:13 demerzel sshd[11729]: Illegal user user from 218.21.78.22

-royce

-- 
------------------------------------------------------------------------
Royce D. Williams                                    IP Engineering, ACS
personal: [first]@alaska.net                      PGP: 3FC087DB/1776A531
work: [first.last]@acsalaska.net             http://www.tycho.org/royce/
Received on Mon Oct 18 00:08:41 2004
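
An added example, not part of either poster's message: a small Python parser that groups the sshd failure lines quoted in this thread by source address and flags an address that tries several account names or shows up on more than one host. The function names, the thresholds, the year default and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# First six lines are copied from the two messages in this thread; the last
# line is constructed (a single mistyped password from a documentation-range IP).
SAMPLE_LOG = """\
Oct 17 21:40:33 tower1 sshd[31174]: Failed password for test from 218.21.78.22 port 3716 ssh2
Oct 17 23:47:57 demerzel sshd[11721]: Illegal user test from 218.21.78.22
Oct 17 23:48:01 demerzel sshd[11723]: Illegal user guest from 218.21.78.22
Oct 17 23:48:05 demerzel sshd[11725]: Illegal user admin from 218.21.78.22
Oct 17 23:48:09 demerzel sshd[11727]: Illegal user admin from 218.21.78.22
Oct 17 23:48:13 demerzel sshd[11729]: Illegal user user from 218.21.78.22
Oct 17 23:50:02 demerzel sshd[11801]: Failed password for alice from 192.0.2.10 port 40112 ssh2
"""

# "Illegal user" is the wording in these logs; later OpenSSH releases log "Invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?:(?:Illegal|Invalid) user (?P<u1>\S+)"
    r"|Failed password for (?:(?:illegal|invalid) user )?(?P<u2>\S+))"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def summarize(log_text, year=2004):
    """Group failed sshd logins by source IP. Syslog omits the year, so it is passed in."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "hosts": set(),
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication failure line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        s = stats[m["ip"]]
        s["attempts"] += 1
        s["users"].add(m["u1"] or m["u2"])
        s["hosts"].add(m["host"])
        s["first"] = when if s["first"] is None else min(s["first"], when)
        s["last"] = when if s["last"] is None else max(s["last"], when)
    return dict(stats)

def flag_guessing(stats, min_users=3, min_hosts=2):
    """Return IPs that tried many account names or hit several hosts (thresholds are assumptions)."""
    return sorted(ip for ip, s in stats.items()
                  if len(s["users"]) >= min_users or len(s["hosts"]) >= min_hosts)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip in flag_guessing(report):
        s = report[ip]
        print(ip, s["attempts"], sorted(s["users"]), sorted(s["hosts"]), s["first"], s["last"])
```

Feeding it the combined logs from several machines is what makes the cross-host check useful, since each host on its own sees only a handful of attempts.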
