[ale] Hack of the month...
Christopher Fowler
cfowler at outpostsentinel.com
Wed Dec 14 08:06:44 EST 2005
This is an attempt on one of my devices in colo. At home I would not
mind so much but this is a corporate site so I need to put a procedure
in place so our support/admin staff can handle these attempts
professionally and leagally. Anyone here have a similar procedure and
can give me insight?
On Wed, 2005-12-14 at 07:52 -0500, Paul Cartwright wrote:
> On Wed December 14 2005 7:40 am, Christopher Fowler wrote:
> > What is the attempt here and how are they attempting?
> >
> > Dec 14 02:58:10 209.168.246.231 authpriv.info sshd[194]: Invalid
> > user testing from 68.120.97.218
> > Dec 14 02:58:10 209.168.246.231 authpriv.err sshd[194]: error: Could
> > not get shadow information for NOUSER
> > Dec 14 02:58:10 209.168.246.231 authpriv.info sshd[194]: Failed
> > password for invalid user testing from 68.120.97.218 port 59698 ssh2
>
> arin whois: http://ws.arin.net/cgi-bin/whois.pl
>
> shows that as an SBC user, you might want to report your logfile to :
>
> OrgAbuseHandle: ABUSE6-ARIN
> OrgAbuseName: Abuse - Southwestern Bell Internet
> OrgAbusePhone: +1-800-648-1626
> OrgAbuseEmail: abuse at sbcglobal.net
More information about the Ale
mailing list