[Ilugc] Reg Failed Authentication Mail

• From: apsivam@xxxxxxxxx (Sivanandhan, P.)
• Date: Sat Mar 26 11:24:03 2005

On Sat, 26 Mar 2005 05:29:06 +0000 (GMT), Mahesh
<drmahesh_06@xxxxxxxxxxx> wrote:

Hi all,
When I gave mail command in my terminal, there was one
mail with subject as "LogWatch for
localhost.localdomain
". Iam pasting a part of the contents below. It
contains lots of authetication failures from an ip
address. My computer is connected to Internet thro
BSNL DataOne. Iam afraid it is some kind of cracking
activity. Please help.

*********************************************************
 --------------------- Kernel Begin
------------------------

WARNING:  Kernel Errors Present
   vesafb: probe of vesafb0 failed with error -6...:
5 Time(s)

 ---------------------- Kernel End
-------------------------

 --------------------- pam_unix Begin
------------------------

crond:
   Unknown Entries:
      session closed for user root: 138 Time(s)
      session opened for user root by (uid=0): 138
Time(s)

gdm:
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0
tty=:0 ruser= rhost=  user=root: 1 Time(s)

sshd:
   Authentication Failures:
      unknown (59-120-61-127.hinet-ip.hinet.net): 17
Time(s)
      unknown (221.154.250.71): 10 Time(s)
      root (221.154.250.71): 5 Time(s)
      unknown (ns.brownpower.jp): 1 Time(s)
      unknown (ns.ladiesclinic.jp): 1 Time(s)

 ---------------------- pam_unix End
-------------------------

 --------------------- Connections (secure-log) Begin
------------------------

 --------------------- SSHD Begin
------------------------

SSHD Killed: 4 Time(s)

SSHD Started: 5 Time(s)

Failed to bind:
   0.0.0.0 port 22 (Address already in use) : 5
Time(s)

Failed logins from these:
   root/password from ::ffff:221.154.250.71: 5 Time(s)

**Unmatched Entries**
Invalid user anonymous from ::ffff:210.238.179.146
Failed password for invalid user anonymous from
::ffff:210.238.179.146 port 35071 ssh2
Invalid user passwd from ::ffff:210.238.179.146
Failed password for invalid user passwd from
::ffff:210.238.179.146 port 35080 ssh2
.
.
.
Failed password for invalid user lauren from
::ffff:59.120.61.127 port 3549 ssh2
Invalid user mark from ::ffff:59.120.61.127
Failed password for invalid user mark from
::ffff:59.120.61.127 port 3553 ssh2
Invalid user sin from ::ffff:59.120.61.127
Failed password for invalid user sin from
::ffff:59.120.61.127 port 4376 ssh2
Invalid user richer from ::ffff:59.120.61.127
Failed password for invalid user richer from
::ffff:59.120.61.127 port 1244 ssh2
*******************************************************

Seems to be an attack. secure your sshd server by using tcp wrappers
(hosts.allow & hosts.deny files) or iptables.

-- 
Cheers,

--Sivam
[Jai Hind]

• References:
  • [Ilugc] Reg Failed Authentication Mail
    • From: Mahesh

Other related posts:

• » [Ilugc] Reg Failed Authentication Mail- Mahesh
• » [Ilugc] Reg Failed Authentication Mail - Sivanandhan, P.
• » [Ilugc] Reg Failed Authentication Mail- Mahesh
• » [Ilugc] Reg Failed Authentication Mail- Mahesh
• » [Ilugc] Reg Failed Authentication Mail- Suresh Ramasubramanian
• » [Ilugc] Reg Failed Authentication Mail- Mahesh
• » [Ilugc] Reg Failed Authentication Mail- Mahesh
• » [Ilugc] Reg Failed Authentication Mail- Binand Sethumadhavan
• » [Ilugc] Reg Failed Authentication Mail- Mahesh
• » [Ilugc] Reg Failed Authentication Mail- Mahesh

1. Home
2. ilugc
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---