Simba7
I Void Warranties

join:2003-03-24
Billings, MT

Massive Botnet Attack on SSH port (router)

Well, this is a little scary. I went to check on my Router (see specs below) and this is what my messages contain:

Nov 14 03:13:22 ralph1 sshd[11398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-106.nayatel.pk user=root
Nov 14 03:29:26 ralph1 sshd[11435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.246.147 user=root
Nov 14 03:38:39 ralph1 sshd[11450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-75.nayatel.pk user=root
Nov 14 03:54:42 ralph1 sshd[11477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host176-43-static.57-88-b.business.telecomitalia.it user=root
Nov 14 04:23:21 ralph1 sshd[11540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.246.147 user=root
Nov 14 04:35:43 ralph1 sshd[11577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 14 04:49:16 ralph1 sshd[11592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 14 05:02:19 ralph1 sshd[11643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.155.122.12 user=root
Nov 14 05:16:02 ralph1 sshd[11658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.81.234 user=root
Nov 14 05:30:25 ralph1 sshd[11707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 14 05:47:45 ralph1 sshd[11722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.123.175.86 user=root
Nov 14 05:56:56 ralph1 sshd[11758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-70-247-71-201.dsl.hrlntx.swbell.net user=root
Nov 14 06:15:13 ralph1 sshd[11809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.58.188.17 user=root
Nov 14 06:25:26 ralph1 sshd[11824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.20.68.59 user=root
Nov 14 06:38:39 ralph1 sshd[11861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 14 06:52:04 ralph1 sshd[11888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-70-247-71-201.dsl.hrlntx.swbell.net user=root
Nov 14 07:22:18 ralph1 sshd[11951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.227.239.11 user=root
Nov 14 07:33:56 ralph1 sshd[12057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.1.98 user=root
Nov 14 07:48:12 ralph1 sshd[12072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 14 08:01:44 ralph1 sshd[12123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.155.122.12 user=root
Nov 14 08:17:23 ralph1 sshd[12144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 14 08:36:40 ralph1 sshd[12193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host176-43-static.57-88-b.business.telecomitalia.it user=root
Nov 14 08:43:58 ralph1 sshd[12208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.174.45.37 user=root
Nov 14 09:00:58 ralph1 sshd[12325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.246.147 user=root
Nov 14 09:12:17 ralph1 sshd[12430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-106.nayatel.pk user=root
Nov 14 09:25:33 ralph1 sshd[12445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 14 09:41:17 ralph1 sshd[12494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 14 09:53:53 ralph1 sshd[12509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.246.147 user=root
Nov 14 10:11:21 ralph1 sshd[12560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.123.175.86 user=root
Nov 14 10:21:47 ralph1 sshd[12575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 14 10:35:33 ralph1 sshd[12612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 14 10:49:23 ralph1 sshd[12627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.155.122.12 user=root
Nov 14 11:03:43 ralph1 sshd[12678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.20.68.59 user=root
Nov 14 11:17:31 ralph1 sshd[12695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 14 11:30:11 ralph1 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.81.234 user=root
Nov 14 11:43:58 ralph1 sshd[12759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161-96-207-82.ip.ukrtel.net user=root
Nov 14 11:58:54 ralph1 sshd[12774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 14 12:12:26 ralph1 sshd[12825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-074-238-205-245.sip.mem.bellsouth.net user=root
Nov 14 12:25:47 ralph1 sshd[12840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.174.45.37 user=root
Nov 14 12:40:25 ralph1 sshd[12889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 14 12:53:25 ralph1 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.81.234 user=root
Nov 14 13:09:06 ralph1 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.227.239.11 user=root
Nov 14 13:20:14 ralph1 sshd[12970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.2.3.85 user=root
Nov 14 13:34:34 ralph1 sshd[13007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.29.2.204 user=root
Nov 14 13:47:42 ralph1 sshd[13022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-75.nayatel.pk user=root
Nov 14 14:02:31 ralph1 sshd[13073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.234.198.58 user=root
Nov 14 14:16:43 ralph1 sshd[13088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.227.239.11 user=root
Nov 14 14:59:14 ralph1 sshd[13163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.227.239.11 user=root
Nov 14 15:16:35 ralph1 sshd[13212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 14 15:29:19 ralph1 sshd[13227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.123.175.86 user=root
Nov 14 15:38:58 ralph1 sshd[13264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.81.234 user=root
Nov 14 15:53:50 ralph1 sshd[13291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 14 16:07:18 ralph1 sshd[13330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.157.210.254 user=root
Nov 14 16:22:15 ralph1 sshd[13357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 14 16:36:36 ralph1 sshd[13394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 14 17:20:21 ralph1 sshd[13481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-106.nayatel.pk user=root
Nov 14 17:31:54 ralph1 sshd[13518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 14 17:44:14 ralph1 sshd[13533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-75.nayatel.pk user=root
Nov 14 17:59:48 ralph1 sshd[13550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host176-43-static.57-88-b.business.telecomitalia.it user=root
Nov 14 18:13:40 ralph1 sshd[13808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 14 18:43:48 ralph1 sshd[14103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 14 18:53:12 ralph1 sshd[14118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 14 19:20:23 ralph1 sshd[14181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.2.3.85 user=root
Nov 14 19:34:37 ralph1 sshd[14218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.29.2.204 user=root
Nov 14 19:50:00 ralph1 sshd[14233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 14 20:03:43 ralph1 sshd[14262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 14 20:16:00 ralph1 sshd[14299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-75.nayatel.pk user=root
Nov 14 20:36:59 ralph1 sshd[14326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 14 20:45:34 ralph1 sshd[14363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.2.3.85 user=root
Nov 14 21:03:12 ralph1 sshd[14392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 14 21:13:27 ralph1 sshd[14429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161-96-207-82.ip.ukrtel.net user=root
Nov 14 21:25:54 ralph1 sshd[14444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-75.nayatel.pk user=root
Nov 14 21:40:13 ralph1 sshd[14471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.155.122.12 user=root
Nov 14 21:54:27 ralph1 sshd[14508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 14 22:07:47 ralph1 sshd[14525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161-96-207-82.ip.ukrtel.net user=root
Nov 14 22:22:42 ralph1 sshd[14574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host176-43-static.57-88-b.business.telecomitalia.it user=root
Nov 14 22:34:55 ralph1 sshd[14592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-074-238-205-245.sip.mem.bellsouth.net user=root
Nov 14 22:49:07 ralph1 sshd[14629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 14 23:02:24 ralph1 sshd[14658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.29.2.204 user=root
Nov 14 23:21:08 ralph1 sshd[14707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 14 23:30:48 ralph1 sshd[14722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 14 23:47:09 ralph1 sshd[14759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 15 00:11:21 ralph1 sshd[14800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-074-238-205-245.sip.mem.bellsouth.net user=root
Nov 15 00:26:50 ralph1 sshd[14815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.246.147 user=root
Nov 15 00:38:10 ralph1 sshd[14830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-70-247-71-201.dsl.hrlntx.swbell.net user=root
Nov 15 00:50:21 ralph1 sshd[14879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-75.nayatel.pk user=root
Nov 15 01:06:52 ralph1 sshd[14896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.246.147 user=root
Nov 15 01:21:05 ralph1 sshd[14923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 15 01:34:19 ralph1 sshd[14938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 15 01:47:13 ralph1 sshd[14953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.29.2.204 user=root
Nov 15 02:00:59 ralph1 sshd[14982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.81.234 user=root
Nov 15 02:42:35 ralph1 sshd[15033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.2.3.85 user=root
Nov 15 02:56:54 ralph1 sshd[15048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.29.2.204 user=root
Nov 15 03:11:18 ralph1 sshd[15163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 03:24:00 ralph1 sshd[15178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.157.210.254 user=root
Nov 15 03:38:22 ralph1 sshd[15193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161-96-207-82.ip.ukrtel.net user=root
Nov 15 03:52:24 ralph1 sshd[15220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip-62-129-164-36.evc.net user=root
Nov 15 04:08:44 ralph1 sshd[15237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.160.246.147 user=root
Nov 15 04:20:00 ralph1 sshd[15252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.157.210.254 user=root
Nov 15 04:34:47 ralph1 sshd[15279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 15 04:49:00 ralph1 sshd[15294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 15 05:03:21 ralph1 sshd[15323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 15 05:16:49 ralph1 sshd[15338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.234.198.58 user=root
Nov 15 05:45:24 ralph1 sshd[15377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.29.2.204 user=root
Nov 15 06:01:31 ralph1 sshd[15406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 06:31:11 ralph1 sshd[15445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 15 06:45:06 ralph1 sshd[15460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 07:03:21 ralph1 sshd[15489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 15 07:28:16 ralph1 sshd[15516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 15 07:44:32 ralph1 sshd[15543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.227.239.11 user=root
Nov 15 08:01:52 ralph1 sshd[15572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 15 08:11:34 ralph1 sshd[15587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.157.210.254 user=root
Nov 15 08:25:18 ralph1 sshd[15602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.168.5.184 user=root
Nov 15 08:39:43 ralph1 sshd[15617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-106.nayatel.pk user=root
Nov 15 08:54:58 ralph1 sshd[15644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-70-247-71-201.dsl.hrlntx.swbell.net user=root
Nov 15 09:08:31 ralph1 sshd[15661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.174.45.37 user=root
Nov 15 09:37:34 ralph1 sshd[15700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 09:51:28 ralph1 sshd[15727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 10:04:28 ralph1 sshd[15744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.1.98 user=root
Nov 15 10:21:48 ralph1 sshd[15771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.123.175.86 user=root
Nov 15 10:32:34 ralph1 sshd[15786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-70-247-71-201.dsl.hrlntx.swbell.net user=root
Nov 15 10:50:27 ralph1 sshd[15813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.123.175.86 user=root
Nov 15 11:02:38 ralph1 sshd[15830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 15 11:15:43 ralph1 sshd[15845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 15 11:30:22 ralph1 sshd[15872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 15 11:46:05 ralph1 sshd[15887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 15 12:00:29 ralph1 sshd[15916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.155.122.12 user=root
Nov 15 12:16:26 ralph1 sshd[15931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 12:30:58 ralph1 sshd[15958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161-96-207-82.ip.ukrtel.net user=root
Nov 15 12:46:30 ralph1 sshd[15973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 15 13:03:21 ralph1 sshd[16002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.61.161 user=root
Nov 15 13:18:20 ralph1 sshd[16017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161-96-207-82.ip.ukrtel.net user=root
Nov 15 13:33:11 ralph1 sshd[16044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.174.45.37 user=root
Nov 15 13:48:19 ralph1 sshd[16059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.227.239.11 user=root
Nov 15 14:05:08 ralph1 sshd[16088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 15 14:19:54 ralph1 sshd[16103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 14:35:41 ralph1 sshd[16130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 15 15:06:14 ralph1 sshd[16171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 15 15:21:28 ralph1 sshd[16228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.206.169.146 user=root
Nov 15 15:51:29 ralph1 sshd[16267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=dsl-202-173-145-182.qld.westnet.com.au user=root
Nov 15 16:04:27 ralph1 sshd[16284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.174.45.37 user=root
Nov 15 16:20:56 ralph1 sshd[16311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip-62-129-164-36.evc.net user=root
Nov 15 16:35:59 ralph1 sshd[16326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 15 16:49:53 ralph1 sshd[16341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.1.159.185 user=root
Nov 15 17:05:09 ralph1 sshd[16370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 17:18:11 ralph1 sshd[16385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115-186-131-75.nayatel.pk user=root
Nov 15 17:33:31 ralph1 sshd[16412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.168.5.184 user=root
Nov 15 17:48:08 ralph1 sshd[16427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.193.106.231 user=root
Nov 15 18:03:42 ralph1 sshd[16456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 15 18:32:09 ralph1 sshd[16528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-70-247-71-201.dsl.hrlntx.swbell.net user=root
Nov 15 18:53:16 ralph1 sshd[16555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.53.57.247 user=root
Nov 15 19:00:09 ralph1 sshd[16572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.81.234 user=root
Nov 15 19:14:42 ralph1 sshd[16587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.144.81.234 user=root
Nov 15 19:31:43 ralph1 sshd[16614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.107.61.161 user=root
Nov 15 19:45:03 ralph1 sshd[16629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.124.238.246 user=root
Nov 15 19:59:03 ralph1 sshd[16646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.174.45.37 user=root
Nov 15 20:14:38 ralph1 sshd[16673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 15 20:29:01 ralph1 sshd[16694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.229.6.189 user=root
Nov 15 20:43:26 ralph1 sshd[16721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.109.129.166 user=root
Nov 15 21:00:13 ralph1 sshd[16750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=dsl-202-173-145-182.qld.westnet.com.au user=root
Nov 15 21:12:31 ralph1 sshd[17143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=adsl-074-238-205-245.sip.mem.bellsouth.net user=root
Last week was even worse. I just emerged fail2ban and fired it up. I also noticed a lot of dictionary attacks, but nothing got through.
--
Bresnan 18M/1M
MyWS[E5200@3.75GHz,4GB RAM,2x1TB HDDs,Win7]
WifeWS[A64@2GHz,2GB RAM,120GB HDD,Win7]
Router[2xP3@1GHz,512MB RAM,18GB HDD,SMC 8432BTA,2xDigital DE504,Compaq NC3131,Intel Pro/1000MT,IBM Gigabit Ethernet-SX,Allied Telesyn AT2560FX,Gentoo Linux]


koolkid1563
Premium,MVM
join:2005-11-06
Powell, WY
I had noticed that as well on my router until I changed the port the daemon was listening on. Now the only requests I see coming through are my own.


Simba7
I Void Warranties

join:2003-03-24
Billings, MT
reply to Simba7
That's next, but I'll probably rebuild it and update all the packages on it first.

Just waiting for Gentoo to update the linux-headers to 2.6.36.

nate2073

join:2007-09-05
Helena, MT
reply to Simba7
Do you use key authentication? Would it be possible on your router?


koolkid1563
Premium,MVM
join:2005-11-06
Powell, WY
I use key authentication (passwd auth is disabled) but it still bothered me that they were attempting to open a connection.

alphainfinit2

join:2007-07-16
Whitefish, MT
Put a firewall appliance in front of your router. You can use a VERY old machine. There are lots of good free firewalls out there that will run perfectly fine on a PIII.


Simba7
I Void Warranties

join:2003-03-24
Billings, MT
said by alphainfinit2:

Put a firewall appliance in front of your router. You can use a VERY old machine. There are lots of good free firewalls out there that will run perfectly fine on a PIII.

*sigh* Have you seen the specs on my router/firewall?

bigburd

join:2009-09-14
Butte, MT
kudos:1
reply to Simba7
hey guys.. I'm baaack.. naw I've been having some friends getting really angry at Bresnan this last week so I thought I would see what the buzz was here. I'm now on the slow DSL boat but I at least get what they advertise.

Anywho.. These botnet attacks are "normal" nowadays. I would suggest a fantastic Linux app called fail2ban. It watches the logs and after x failed login attempts on Y service, blocks them with iptables for Z time. I've been using it for years and it really helps discourage them from continuing and saves on those tiny ticks of bandwidth they eat. Not only this but fail2ban will watch logs for pop3, email, http, ftp, and anything else you could probably write a regular expression for.

It's not a bad thing to change the SSH port as long as you or a couple people use it. In my case I make all my web clients able to use ssh so changing the port would be a big hassle for me support-wise.
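
The "x failures, then block for a while" rule described above, run over log lines in the format posted at the top of the thread, as an added example that is not part of the thread and not fail2ban's own code. It also counts distinct source hosts per account, because a rotation like the one in the posted log (one attempt every 13 minutes or so, each from a different host) never reaches a per-host threshold. The thresholds, the year, the host name `gw` and the addresses are assumptions made for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches pam_unix failure lines in the format posted at the top of the thread.
# "user=" is optional: pam_unix leaves it out when the account does not exist.
FAILURE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"pam_unix\(sshd:auth\): authentication failure;.*?\brhost=(?P<rhost>\S+)"
    r"(?:\s+user=(?P<user>\S+))?"
)


def parse_failures(lines, year):
    """Return (time, rhost, user) tuples in time order. Syslog omits the year."""
    events = []
    for line in lines:
        m = FAILURE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["rhost"], m["user"]))
    return sorted(events, key=lambda e: e[0])


def per_host_bans(events, maxretry, findtime):
    """The rule from the post: ban a host after maxretry failures within findtime."""
    recent, banned = defaultdict(deque), {}
    for when, rhost, _user in events:
        if rhost in banned:
            continue
        window = recent[rhost]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[rhost] = when  # time the ban would start
    return banned


def distributed_targets(events, window, min_hosts):
    """Accounts hit from >= min_hosts distinct hosts inside window -> peak host count."""
    recent, flagged = defaultdict(deque), {}
    for when, rhost, user in events:
        seen = recent[user]
        seen.append((when, rhost))
        while when - seen[0][0] > window:
            seen.popleft()
        hosts = len({host for _, host in seen})
        if hosts >= min_hosts:
            flagged[user] = max(flagged.get(user, 0), hosts)
    return flagged


# Constructed sample, not the posted log: RFC 5737 documentation addresses, an
# assumed year (2010) and host name "gw". Six hosts take turns with one attempt
# every 13 minutes, and a seventh host makes five attempts in under a minute.
TEMPLATE = ("Nov 14 {t} gw sshd[{pid}]: pam_unix(sshd:auth): authentication failure; "
            "logname= uid=0 euid=0 tty=ssh ruser= rhost={host} user=root")
START = datetime(2010, 11, 14, 3, 0, 0)
SLOW = [(START + timedelta(minutes=13 * i), f"203.0.113.{i % 6 + 1}") for i in range(12)]
NOISY = [(START + timedelta(hours=1, seconds=10 * i), "198.51.100.7") for i in range(5)]
SAMPLE_LINES = [TEMPLATE.format(t=when.strftime("%H:%M:%S"), pid=11000 + n, host=host)
                for n, (when, host) in enumerate(SLOW + NOISY)]

if __name__ == "__main__":
    events = parse_failures(SAMPLE_LINES, year=2010)
    print("per-host bans:", per_host_bans(events, 5, timedelta(minutes=10)))
    print("distributed:", distributed_targets(events, timedelta(hours=2), 5))
```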


Simba7
I Void Warranties

join:2003-03-24
Billings, MT
reply to Simba7
I actually already installed it.. but realized it wasn't started when the router rebooted.

I fixed that immediately after finding out. Thanks, though.