[ale] Backtracking to an IP

Nathan J. Underwood ale1 at cybertechcafe.net
Wed Sep 8 09:07:46 EDT 2004


I suspect that I've been getting the same symptoms for about 6 weeks.
Failed login attempts on root, admin, nouser, guest, unknown, anonymous.
I see the attempts on several boxes (on different networks), and there
are generally quite a few in a very short time, and all using the same
MO.  I definitely keep a close watch on local (and remote) logs, but
have written it off as some script kiddie spoofing IPs and using some
scripted tool (which would explain how they're hitting so many in such a
short period of time) for dictionary or brute force attacks.

--
registered linux user # 73046

Nathan J. Underwood
Cyber Tech Cafe' <><
http://www.cybertechcafe.net


John Mills wrote:
> ALERs -
> 
> My box got a suspect series of ssh login attempts under common, but unused
> account names, all from the same IP address: 64.124.210.23
> 
> How can I learn a bit more about the source?
> 
> TIA.
> 
>  - John Mills
>    john.m.mills at alum.mit.edu
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale