Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Possible systematic attack
« previous next »
Pages: [1]   Go Down

Possible systematic attack

  • 3 Replies
  • 1324 Views

greavesg

Possible systematic attack
« on: May 15, 2005, 06:05:24 PM »
I think someone has been trying to hack into my e-smith server or trying to bring it down with loads of traffic. Here is a sample from my message log.
May 15 02:08:50 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.245.234.57 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=37555 PROTO=UDP SPT=10464 DPT=1027 LEN=888
May 15 02:12:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=195.239.101.217 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13630 DF PROTO=TCP SPT=3214 DPT=15118 WINDOW=8760 RES=0x00 SYN URGP=0
May 15 02:12:23 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=195.239.101.217 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13841 DF PROTO=TCP SPT=3214 DPT=15118 WINDOW=8760 RES=0x00 SYN URGP=0
May 15 02:14:11 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.229.182.115 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=25561 PROTO=UDP SPT=27744 DPT=1028 LEN=888
May 15 02:32:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=4814 PROTO=UDP SPT=15330 DPT=1026 LEN=641
May 15 02:35:22 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.117.144.233 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=22171 PROTO=UDP SPT=20186 DPT=1026 LEN=888
May 15 03:00:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 03:00:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 03:01:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=46073 DPT=1026 LEN=398
May 15 03:03:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.152.198.79 DST=81.106.190.208 LEN=438 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=43438 DPT=1026 LEN=418
May 15 03:03:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.152.198.79 DST=81.106.190.208 LEN=438 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=43438 DPT=1027 LEN=418
May 15 03:29:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.201 DST=81.106.190.208 LEN=841 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33906 DPT=1026 LEN=821
May 15 03:30:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=59.80.225.231 DST=81.106.190.208 LEN=64 TOS=0x00 PREC=0x00 TTL=42 ID=4479 DF PROTO=TCP SPT=49805 DPT=4899 WINDOW=44620 RES=0x00 SYN URGP=0
May 15 03:36:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.76.142.58 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=208 PROTO=UDP SPT=12913 DPT=1027 LEN=888
May 15 03:40:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.106.140.197 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=458 DF PROTO=TCP SPT=31625 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 03:41:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.232.107.141 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=60604 PROTO=UDP SPT=15200 DPT=1028 LEN=888
May 15 03:46:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=18305 PROTO=UDP SPT=14978 DPT=1026 LEN=641
May 15 03:53:01 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=27424 PROTO=UDP SPT=63598 DPT=1026 LEN=419
May 15 03:53:01 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=27425 PROTO=UDP SPT=54554 DPT=1027 LEN=419
May 15 04:03:03 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.89.211.29 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=57240 PROTO=UDP SPT=22440 DPT=1026 LEN=888
May 15 04:05:35 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.158.204 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=53180 DPT=1026 LEN=441
May 15 04:09:13 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.97.226.198 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=58256 DF PROTO=TCP SPT=4298 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 04:09:19 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.97.226.198 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=59160 DF PROTO=TCP SPT=4298 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 04:15:51 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.235.154.105 DST=81.106.190.208 LEN=482 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=UDP SPT=32773 DPT=1027 LEN=462
May 15 04:22:54 paratha dyndns.org: Unknown response . Status was 0
May 15 04:29:31 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.77.185.228 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33238 DPT=1026 LEN=419
May 15 04:59:22 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=32224 PROTO=UDP SPT=10092 DPT=1026 LEN=641
May 15 05:03:19 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.65.157.184 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=20596 PROTO=UDP SPT=27599 DPT=1027 LEN=888
May 15 05:09:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.73.72.143 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=30337 PROTO=UDP SPT=16899 DPT=1028 LEN=888
May 15 05:23:21 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=63.239.130.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=23897 DF PROTO=TCP SPT=4903 DPT=42 WINDOW=64512 RES=0x00 SYN URGP=0
May 15 05:24:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 05:30:38 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=65.26.111.57 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=26767 PROTO=UDP SPT=6031 DPT=1026 LEN=888
May 15 05:39:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.129.115.57 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=53142 DPT=1026 LEN=441
May 15 06:12:28 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=46635 PROTO=UDP SPT=23456 DPT=1026 LEN=641
May 15 06:30:49 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.133.42.230 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=57746 PROTO=UDP SPT=30541 DPT=1027 LEN=888
May 15 06:36:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.3.222.44 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=65333 PROTO=UDP SPT=14731 DPT=1028 LEN=888
May 15 06:41:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=210.91.230.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=22767 DF PROTO=TCP SPT=3406 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 06:41:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=210.91.230.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=24350 DF PROTO=TCP SPT=3406 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 06:58:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.126.132.41 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=61970 PROTO=UDP SPT=11382 DPT=1026 LEN=888
May 15 07:06:09 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.129.115.57 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=36716 DPT=1026 LEN=441
May 15 07:15:30 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.235.154.105 DST=81.106.190.208 LEN=482 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=UDP SPT=32773 DPT=1026 LEN=462
May 15 07:25:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20712 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20861 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:26 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=21162 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:34 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=60630 PROTO=UDP SPT=30629 DPT=1026 LEN=641
May 15 07:47:33 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=34979 PROTO=UDP SPT=55312 DPT=1026 LEN=419
May 15 07:47:33 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=34980 PROTO=UDP SPT=56481 DPT=1027 LEN=419
May 15 07:49:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 07:49:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 07:58:06 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.174.87.55 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=20091 PROTO=UDP SPT=26549 DPT=1027 LEN=888
May 15 08:04:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.81.89.161 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=34913 PROTO=UDP SPT=9142 DPT=1028 LEN=888
May 15 08:25:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.125.85.8 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=31563 PROTO=UDP SPT=24536 DPT=1026 LEN=888
May 15 08:34:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33403 DPT=1026 LEN=398
May 15 08:38:40 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=9527 PROTO=UDP SPT=29713 DPT=1026 LEN=641
May 15 09:25:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.29.74.241 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=6226 PROTO=UDP SPT=11375 DPT=1027 LEN=888
May 15 09:31:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.63.99.71 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=4181 PROTO=UDP SPT=7271 DPT=1028 LEN=888
May 15 09:51:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=20181 PROTO=UDP SPT=30253 DPT=1026 LEN=641
May 15 09:53:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.50.43.85 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=1097 PROTO=UDP SPT=24961 DPT=1026 LEN=888
May 15 09:58:10 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=45176 DPT=1026 LEN=398
May 15 10:13:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 10:13:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25703 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25705 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25707 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25708 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25710 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25766 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25768 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25770 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25771 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25773 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25856 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25858 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25860 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25861 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25863 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:32:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35767 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:32:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35768 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:32:59 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35769 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:04 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35770 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:15 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35771 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:35 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35772 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:34:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35773 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:35:40 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35774 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:56:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=205.39.24.55 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=50071 PROTO=UDP SPT=17358 DPT=1027 LEN=888
May 15 10:59:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.186.222.78 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=39219 PROTO=UDP SPT=18850 DPT=1028 LEN=888
May 15 11:04:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=35840 PROTO=UDP SPT=30991 DPT=1026 LEN=641
May 15 11:07:08 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=66.160.191.67 DST=81.106.190.208 LEN=494 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=32811 DPT=1026 LEN=474
May 15 11:13:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.155.71 DST=81.106.190.208 LEN=421 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=49587 DPT=1026 LEN=401
May 15 11:37:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.17.71.167 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=11693 DF PROTO=TCP SPT=3897 DPT=8080 WINDOW=64800 RES=0x00 SYN URGP=0
May 15 11:37:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.17.71.167 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=11851 DF PROTO=TCP SPT=3897 DPT=8080 WINDOW=64800 RES=0x00 SYN URGP=0
May 15 11:39:00 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=15157 PROTO=UDP SPT=58797 DPT=1026 LEN=419
May 15 11:44:16 paratha sshd[5927]: Did not receive identification string from 195.239.164.214
May 15 11:47:54 paratha sshd[5930]: Failed password for root from 195.239.164.214 port 57616 ssh2
May 15 11:47:56 paratha sshd[5932]: Failed password for admin from 195.239.164.214 port 57652 ssh2
May 15 11:47:57 paratha sshd[5934]: Illegal user test from 195.239.164.214
May 15 11:47:57 paratha sshd[5934]: Failed password for illegal user test from 195.239.164.214 port 57674 ssh2
May 15 11:47:59 paratha sshd[5936]: Illegal user guest from 195.239.164.214
May 15 11:47:59 paratha sshd[5936]: Failed password for illegal user guest from 195.239.164.214 port 57692 ssh2
May 15 11:48:01 paratha sshd[5938]: Illegal user webmaster from 195.239.164.214
May 15 11:48:01 paratha sshd[5938]: Failed password for illegal user webmaster from 195.239.164.214 port 57710 ssh2
May 15 11:48:02 paratha sshd[5940]: Failed password for mysql from 195.239.164.214 port 57732 ssh2
May 15 11:48:04 paratha sshd[5942]: Illegal user oracle from 195.239.164.214
May 15 11:48:04 paratha sshd[5942]: Failed password for illegal user oracle from 195.239.164.214 port 57750 ssh2
May 15 11:48:06 paratha sshd[5944]: Illegal user library from 195.239.164.214
May 15 11:48:06 paratha sshd[5944]: Failed password for illegal user library from 195.239.164.214 port 57767 ssh2
May 15 11:48:07 paratha sshd[5946]: Illegal user info from 195.239.164.214
May 15 11:48:07 paratha sshd[5946]: Failed password for illegal user info from 195.239.164.214 port 57786 ssh2
May 15 11:48:09 paratha sshd[5948]: Illegal user shell from 195.239.164.214
May 15 11:48:09 paratha sshd[5948]: Failed password for illegal user shell from 195.239.164.214 port 57808 ssh2
May 15 11:48:10 paratha sshd[5950]: Illegal user linux from 195.239.164.214
May 15 11:48:10 paratha sshd[5950]: Failed password for illegal user linux from 195.239.164.214 port 57824 ssh2
May 15 11:48:12 paratha sshd[5952]: Illegal user unix from 195.239.164.214
May 15 11:48:12 paratha sshd[5952]: Failed password for illegal user unix from 195.239.164.214 port 57843 ssh2
May 15 11:48:14 paratha sshd[5954]: Illegal user webadmin from 195.239.164.214
May 15 11:48:14 paratha sshd[5954]: Failed password for illegal user webadmin from 195.239.164.214 port 57864 ssh2
May 15 11:48:15 paratha sshd[5956]: Failed password for ftp from 195.239.164.214 port 57881 ssh2
May 15 11:48:17 paratha sshd[5958]: Illegal user test from 195.239.164.214
May 15 11:48:17 paratha sshd[5958]: Failed password for illegal user test from 195.239.164.214 port 57900 ssh2
May 15 11:48:19 paratha sshd[5960]: Failed password for root from 195.239.164.214 port 57923 ssh2
May 15 11:48:21 paratha sshd[5962]: Failed password for admin from 195.239.164.214 port 57941 ssh2
May 15 11:48:23 paratha sshd[5964]: Illegal user guest from 195.239.164.214
May 15 11:48:23 paratha sshd[5964]: Failed password for illegal user guest from 195.239.164.214 port 57960 ssh2
May 15 11:48:24 paratha sshd[5966]: Illegal user master from 195.239.164.214
May 15 11:48:24 paratha sshd[5966]: Failed password for illegal user master from 195.239.164.214 port 57983 ssh2
May 15 11:48:26 paratha sshd[5968]: Failed password for apache from 195.239.164.214 port 58002 ssh2
May 15 11:48:28 paratha sshd[5970]: Failed password for root from 195.239.164.214 port 58019 ssh2
May 15 11:48:29 paratha sshd[5972]: Failed password for root from 195.239.164.214 port 58039 ssh2
May 15 11:48:31 paratha sshd[5974]: Failed password for root from 195.239.164.214 port 58057 ssh2
May 15 11:48:33 paratha sshd[5976]: Failed password for root from 195.239.164.214 port 58078 ssh2
May 15 11:48:34 paratha sshd[5978]: Failed password for root from 195.239.164.214 port 58093 ssh2
May 15 11:48:36 paratha sshd[5980]: Failed password for root from 195.239.164.214 port 58113 ssh2
May 15 11:48:38 paratha sshd[5982]: Failed password for root from 195.239.164.214 port 58129 ssh2
May 15 11:48:39 paratha sshd[5984]: Failed password for admin from 195.239.164.214 port 58148 ssh2
May 15 11:48:41 paratha sshd[5986]: Failed password for admin from 195.239.164.214 port 58165 ssh2
May 15 11:48:43 paratha sshd[5988]: Failed password for admin from 195.239.164.214 port 58181 ssh2
May 15 11:48:44 paratha sshd[5990]: Failed password for admin from 195.239.164.214 port 58201 ssh2
May 15 11:48:46 paratha sshd[5992]: Failed password for root from 195.239.164.214 port 58219 ssh2
May 15 11:48:47 paratha sshd[5994]: Failed password for root from 195.239.164.214 port 58233 ssh2
May 15 11:48:49 paratha sshd[5996]: Illegal user test from 195.239.164.214
May 15 11:48:49 paratha sshd[5996]: Failed password for illegal user test from 195.239.164.214 port 58254 ssh2
May 15 11:48:49 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=57681 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:51 paratha sshd[5998]: Illegal user test from 195.239.164.214
May 15 11:48:51 paratha sshd[5998]: Failed password for illegal user test from 195.239.164.214 port 58269 ssh2
May 15 11:48:52 paratha sshd[6000]: Illegal user webmaster from 195.239.164.214
May 15 11:48:52 paratha sshd[6000]: Failed password for illegal user webmaster from 195.239.164.214 port 58286 ssh2
May 15 11:48:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=57831 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:54 paratha sshd[6002]: Illegal user user from 195.239.164.214
May 15 11:48:54 paratha sshd[6002]: Failed password for illegal user user from 195.239.164.214 port 58304 ssh2
May 15 11:48:56 paratha sshd[6004]: Illegal user username from 195.239.164.214
May 15 11:48:56 paratha sshd[6004]: Failed password for illegal user username from 195.239.164.214 port 58325 ssh2
May 15 11:48:57 paratha sshd[6006]: Illegal user username from 195.239.164.214
May 15 11:48:57 paratha sshd[6006]: Failed password for illegal user username from 195.239.164.214 port 58343 ssh2
May 15 11:48:58 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=58133 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:59 paratha sshd[6008]: Illegal user user from 195.239.164.214
May 15 11:48:59 paratha sshd[6008]: Failed password for illegal user user from 195.239.164.214 port 58358 ssh2
May 15 11:49:01 paratha sshd[6010]: Failed password for root from 195.239.164.214 port 58374 ssh2
May 15 11:49:02 paratha sshd[6012]: Failed password for admin from 195.239.164.214 port 58392 ssh2
May 15 11:49:04 paratha sshd[6014]: Illegal user test from 195.239.164.214
May 15 11:49:04 paratha sshd[6014]: Failed password for illegal user test from 195.239.164.214 port 58410 ssh2
May 15 11:49:05 paratha sshd[6016]: Failed password for root from 195.239.164.214 port 58427 ssh2
May 15 11:49:07 paratha sshd[6018]: Failed password for root from 195.239.164.214 port 58445 ssh2
May 15 11:49:09 paratha sshd[6020]: Failed password for root from 195.239.164.214 port 58462 ssh2
May 15 11:49:10 paratha sshd[6022]: Failed password for root from 195.239.164.214 port 58479 ssh2
May 15 11:49:12 paratha sshd[6024]: Illegal user danny from 195.239.164.214
May 15 11:49:12 paratha sshd[6024]: Failed password for illegal user danny from 195.239.164.214 port 58500 ssh2
May 15 11:49:16 paratha sshd[6026]: Illegal user sharon from 195.239.164.214
May 15 11:49:16 paratha sshd[6026]: Failed password for illegal user sharon from 195.239.164.214 port 58516 ssh2
May 15 11:49:18 paratha sshd[6028]: Illegal user aron from 195.239.164.214
May 15 11:49:18 paratha sshd[6028]: Failed password for illegal user aron from 195.239.164.214 port 58564 ssh2
May 15 11:49:20 paratha sshd[6030]: Illegal user alex from 195.239.164.214
May 15 11:49:20 paratha sshd[6030]: Failed password for illegal user alex from 195.239.164.214 port 58580 ssh2
May 15 11:49:21 paratha sshd[6032]: Illegal user brett from 195.239.164.214
May 15 11:49:21 paratha sshd[6032]: Failed password for illegal user brett from 195.239.164.214 port 58600 ssh2
May 15 11:49:23 paratha sshd[6035]: Illegal user mike from 195.239.164.214
May 15 11:49:23 paratha sshd[6035]: Failed password for illegal user mike from 195.239.164.214 port 58617 ssh2
May 15 11:49:25 paratha sshd[6037]: Illegal user alan from 195.239.164.214
May 15 11:49:25 paratha sshd[6037]: Failed password for illegal user alan from 195.239.164.214 port 58635 ssh2
May 15 11:49:26 paratha sshd[6039]: Illegal user data from 195.239.164.214
May 15 11:49:26 paratha sshd[6039]: Failed password for illegal user data from 195.239.164.214 port 58655 ssh2
May 15 11:49:28 paratha sshd[6041]: Illegal user www-data from 195.239.164.214
May 15 11:49:28 paratha sshd[6041]: Failed password for illegal user www-data from 195.239.164.214 port 58671 ssh2
May 15 11:49:30 paratha sshd[6043]: Illegal user http from 195.239.164.214
May 15 11:49:30 paratha sshd[6043]: Failed password for illegal user http from 195.239.164.214 port 58687 ssh2
May 15 11:49:31 paratha sshd[6045]: Illegal user httpd from 195.239.164.214
May 15 11:49:31 paratha sshd[6045]: Failed password for illegal user httpd from 195.239.164.214 port 58706 ssh2
May 15 11:49:33 paratha sshd[6047]: Failed password for nobody from 195.239.164.214 port 58723 ssh2
May 15 11:49:35 paratha sshd[6049]: Failed password for root from 195.239.164.214 port 58742 ssh2
May 15 11:49:36 paratha sshd[6051]: Illegal user backup from 195.239.164.214
May 15 11:49:36 paratha sshd[6051]: Failed password for illegal user backup from 195.239.164.214 port 58759 ssh2
May 15 11:49:38 paratha sshd[6053]: Illegal user info from 195.239.164.214
May 15 11:49:38 paratha sshd[6053]: Failed password for illegal user info from 195.239.164.214 port 58777 ssh2
May 15 11:49:40 paratha sshd[6055]: Illegal user shop from 195.239.164.214
May 15 11:49:40 paratha sshd[6055]: Failed password for illegal user shop from 195.239.164.214 port 58800 ssh2
May 15 11:49:41 paratha sshd[6057]: Illegal user sales from 195.239.164.214
May 15 11:49:41 paratha sshd[6057]: Failed password for illegal user sales from 195.239.164.214 port 58815 ssh2
May 15 11:49:43 paratha sshd[6059]: Illegal user web from 195.239.164.214
May 15 11:49:43 paratha sshd[6059]: Failed password for illegal user web from 195.239.164.214 port 58831 ssh2
May 15 11:49:45 paratha sshd[6061]: Failed password for www from 195.239.164.214 port 58848 ssh2
May 15 11:49:46 paratha sshd[6063]: Illegal user wwwrun from 195.239.164.214
May 15 11:49:46 paratha sshd[6063]: Failed password for illegal user wwwrun from 195.239.164.214 port 58868 ssh2
May 15 11:49:48 paratha sshd[6065]: Illegal user adam from 195.239.164.214
May 15 11:49:48 paratha sshd[6065]: Failed password for illegal user adam from 195.239.164.214 port 58885 ssh2
May 15 11:49:49 paratha sshd[6067]: Illegal user stephen from 195.239.164.214
May 15 11:49:49 paratha sshd[6067]: Failed password for illegal user stephen from 195.239.164.214 port 58902 ssh2
May 15 11:49:51 paratha sshd[6069]: Illegal user richard from 195.239.164.214
May 15 11:49:51 paratha sshd[6069]: Failed password for illegal user richard from 195.239.164.214 port 58922 ssh2
May 15 11:49:53 paratha sshd[6072]: Illegal user george from 195.239.164.214
May 15 11:49:53 paratha sshd[6072]: Failed password for illegal user george from 195.239.164.214 port 58940 ssh2
May 15 11:49:55 paratha sshd[6074]: Illegal user michael from 195.239.164.214
May 15 11:49:55 paratha sshd[6074]: Failed password for illegal user michael from 195.239.164.214 port 58959 ssh2
May 15 11:49:56 paratha sshd[6076]: Illegal user john from 195.239.164.214
May 15 11:49:56 paratha sshd[6076]: Failed password for illegal user john from 195.239.164.214 port 58983 ssh2
May 15 11:49:58 paratha sshd[6078]: Illegal user david from 195.239.164.214
May 15 11:49:58 paratha sshd[6078]: Failed password for illegal user david from 195.239.164.214 port 59001 ssh2
May 15 11:50:00 paratha sshd[6080]: Illegal user paul from 195.239.164.214
May 15 11:50:00 paratha sshd[6080]: Failed password for illegal user paul from 195.239.164.214 port 59019 ssh2
May 15 11:50:01 paratha sshd[6082]: Failed password for news from 195.239.164.214 port 59035 ssh2
May 15 11:50:03 paratha sshd[6084]: Illegal user angel from 195.239.164.214
May 15 11:50:03 paratha sshd[6084]: Failed password for illegal user angel from 195.239.164.214 port 59052 ssh2
May 15 11:50:04 paratha sshd[6086]: Failed password for games from 195.239.164.214 port 59073 ssh2
May 15 11:50:06 paratha sshd[6088]: Illegal user pgsql from 195.239.164.214
May 15 11:50:06 paratha sshd[6088]: Failed password for illegal user pgsql from 195.239.164.214 port 59088 ssh2
May 15 11:50:08 paratha sshd[6090]: Illegal user pgsql from 195.239.164.214
May 15 11:50:08 paratha sshd[6090]: Failed password for illegal user pgsql from 195.239.164.214 port 59108 ssh2
May 15 11:50:13 paratha sshd[6092]: Failed password for mail from 195.239.164.214 port 59132 ssh2
May 15 11:50:15 paratha sshd[6094]: Failed password for adm from 195.239.164.214 port 59180 ssh2
May 15 11:50:16 paratha sshd[6096]: Illegal user ident from 195.239.164.214
May 15 11:50:16 paratha sshd[6096]: Failed password for illegal user ident from 195.239.164.214 port 59203 ssh2
May 15 11:50:18 paratha sshd[6098]: Illegal user resin from 195.239.164.214
May 15 11:50:18 paratha sshd[6098]: Failed password for illegal user resin from 195.239.164.214 port 59220 ssh2
May 15 11:50:20 paratha sshd[6100]: Illegal user mikael from 195.239.164.214
May 15 11:50:20 paratha sshd[6100]: Failed password for illegal user mikael from 195.239.164.214 port 59242 ssh2
May 15 11:50:21 paratha sshd[6102]: Illegal user mike from 195.239.164.214
May 15 11:50:21 paratha sshd[6102]: Failed password for illegal user mike from 195.239.164.214 port 59260 ssh2
May 15 11:50:23 paratha sshd[6104]: Illegal user suva from 195.239.164.214
May 15 11:50:23 paratha sshd[6104]: Failed password for illegal user suva from 195.239.164.214 port 59275 ssh2
May 15 11:50:25 paratha sshd[6106]: Illegal user webpop from 195.239.164.214
May 15 11:50:25 paratha sshd[6106]: Failed password for illegal user webpop from 195.239.164.214 port 59292 ssh2
May 15 11:50:26 paratha sshd[6108]: Illegal user technicom from 195.239.164.214
May 15 11:50:26 paratha sshd[6108]: Failed password for illegal user technicom from 195.239.164.214 port 59310 ssh2
May 15 11:50:28 paratha sshd[6110]: Illegal user susan from 195.239.164.214
May 15 11:50:28 paratha sshd[6110]: Failed password for illegal user susan from 195.239.164.214 port 59328 ssh2
May 15 11:50:29 paratha sshd[6112]: Illegal user sunsun from 195.239.164.214
May 15 11:50:29 paratha sshd[6112]: Failed password for illegal user sunsun from 195.239.164.214 port 59345 ssh2
May 15 11:50:31 paratha sshd[6114]: Illegal user sunny from 195.239.164.214
May 15 11:50:31 paratha sshd[6114]: Failed password for illegal user sunny from 195.239.164.214 port 59365 ssh2
May 15 11:50:33 paratha sshd[6116]: Illegal user steven from 195.239.164.214
May 15 11:50:33 paratha sshd[6116]: Failed password for illegal user steven from 195.239.164.214 port 59384 ssh2
May 15 11:50:34 paratha sshd[6118]: Illegal user ssh from 195.239.164.214
May 15 11:50:34 paratha sshd[6118]: Failed password for illegal user ssh from 195.239.164.214 port 59400 ssh2
May 15 11:50:36 paratha sshd[6120]: Illegal user search from 195.239.164.214
May 15 11:50:36 paratha sshd[6120]: Failed password for illegal user search from 195.239.164.214 port 59420 ssh2
May 15 11:50:38 paratha sshd[6122]: Illegal user sara from 195.239.164.214
May 15 11:50:38 paratha sshd[6122]: Failed password for illegal user sara from 195.239.164.214 port 59438 ssh2
May 15 11:50:39 paratha sshd[6124]: Illegal user robert from 195.239.164.214
May 15 11:50:39 paratha sshd[6124]: Failed password for illegal user robert from 195.239.164.214 port 59453 ssh2
May 15 11:50:41 paratha sshd[6126]: Illegal user richard from 195.239.164.214
May 15 11:50:41 paratha sshd[6126]: Failed password for illegal user richard from 195.239.164.214 port 59473 ssh2
May 15 11:50:42 paratha sshd[6128]: Illegal user postmaster from 195.239.164.214
May 15 11:50:42 paratha sshd[6128]: Failed password for illegal user postmaster from 195.239.164.214 port 59489 ssh2
May 15 11:50:44 paratha sshd[6130]: Illegal user party from 195.239.164.214
May 15 11:50:44 paratha sshd[6130]: Failed password for illegal user party from 195.239.164.214 port 59511 ssh2
May 15 11:50:46 paratha sshd[6132]: Illegal user michael from 195.239.164.214
May 15 11:50:46 paratha sshd[6132]: Failed password for illegal user michael from 195.239.164.214 port 59529 ssh2
May 15 11:50:47 paratha sshd[6134]: Illegal user amanda from 195.239.164.214
May 15 11:50:47 paratha sshd[6134]: Failed password for illegal user amanda from 195.239.164.214 port 59544 ssh2
May 15 11:50:49 paratha sshd[6136]: Failed password for mysql from 195.239.164.214 port 59561 ssh2
May 15 11:50:51 paratha sshd[6138]: Failed password for rpm from 195.239.164.214 port 59579 ssh2
May 15 11:50:52 paratha sshd[6140]: Failed password for operator from 195.239.164.214 port 59592 ssh2
May 15 11:50:54 paratha sshd[6142]: Illegal user sgi from 195.239.164.214
May 15 11:50:54 paratha sshd[6142]: Failed password for illegal user sgi from 195.239.164.214 port 59603 ssh2
May 15 11:50:55 paratha sshd[6144]: Illegal user Aaliyah from 195.239.164.214
May 15 11:50:55 paratha sshd[6144]: Failed password for illegal user Aaliyah from 195.239.164.214 port 59619 ssh2
May 15 11:50:57 paratha sshd[6146]: Illegal user Aaron from 195.239.164.214
May 15 11:50:57 paratha sshd[6146]: Failed password for illegal user Aaron from 195.239.164.214 port 59630 ssh2
May 15 11:50:58 paratha sshd[6148]: Illegal user Aba from 195.239.164.214
May 15 11:50:58 paratha sshd[6148]: Failed password for illegal user Aba from 195.239.164.214 port 59639 ssh2
May 15 11:51:00 paratha sshd[6150]: Illegal user Abel from 195.239.164.214
May 15 11:51:00 paratha sshd[6150]: Failed password for illegal user Abel from 195.239.164.214 port 59653 ssh2
May 15 11:51:01 paratha sshd[6152]: Illegal user Jewel from 195.239.164.214
May 15 11:51:01 paratha sshd[6152]: Failed password for illegal user Jewel from 195.239.164.214 port 59661 ssh2
May 15 11:51:03 paratha sshd[6154]: Failed password for sshd from 195.239.164.214 port 59671 ssh2
May 15 11:51:04 paratha sshd[6156]: Illegal user users from 195.239.164.214
May 15 11:51:04 paratha sshd[6156]: Failed password for illegal user users from 195.239.164.214 port 59682 ssh2
May 15 11:51:06 paratha sshd[6158]: Illegal user admins from 195.239.164.214
May 15 11:51:06 paratha sshd[6158]: Failed password for illegal user admins from 195.239.164.214 port 59691 ssh2
May 15 11:51:07 paratha sshd[6160]: Illegal user admins from 195.239.164.214
May 15 11:51:08 paratha sshd[6160]: Failed password for illegal user admins from 195.239.164.214 port 59700 ssh2

Does it look familar to anyone?
Logged

dhardy

Possible systematic attack
« Reply #1 on: May 16, 2005, 12:12:23 AM »
You've got ssh running on the public ip?

You have got a strong root password - haven't you?

If you go for 10+ character alphanumeric passwords then these dictionary attacks won't get in  - and don't let your users have ssh access, especially if you don't trust them to have secure passwords.

On the relatively few occasions this has happened to me I've looked up the owner of the originating ip using the tools at www.dnsstuff.com and filed abuse reports - generally its a compromised server thats attacking you rather than some kid hunched over a keyboard.

Having something like this arrive in your logs makes you view your passwords a little more keenly!!

David
Logged

Offline chris burnat

  • *****
  • 1,135
  • +2/-0
    • http://www.burnat.com
Possible systematic attack
« Reply #2 on: May 16, 2005, 09:50:46 AM »
Your logs shows two types of warning, denylogs and ssh access (or unsucessful attempts, and keep it this way with very strong passwords). If you are satisfied that all is well and you wish to avoid your logs being full of the Denylog warnings, do the following commands from root:
/sbin/e-smith/db configuration setprop masq Logging none
followed by:
/sbin/e-smith/signal-event remoteaccess-update
regards. chris
Logged
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

greavesg

Possible systematic attack
« Reply #3 on: May 16, 2005, 08:33:13 PM »
Quote from: "dhardy"
You've got ssh running on the public ip?

You have got a strong root password - haven't you?

If you go for 10+ character alphanumeric passwords then these dictionary attacks won't get in  - and don't let your users have ssh access, especially if you don't trust them to have secure passwords.



Yes my passwords are strong and my usernames are not in typical format either.
I've taken all required action now. Thanks all including chris for the command line tips
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. General Discussion (Legacy)
  4. Topic: Possible systematic attack