Hi,
I just forget to ask about this in my previous mail.
How do I make sure that the one that tried to crack
into my machine, didnt do anything terrible, like
install a Trojan horse or something or steal my e-mail
password which i stored using firefox. Please help to
retrieve the whole mail onca again to have a look at
it, bcoz if I type mail command it says "At Eof".
Thx in advance.
Mahesh.
--- "Sivanandhan, P." <apsivam@xxxxxxxxx> wrote:
On Sat, 26 Mar 2005 05:29:06 +0000 (GMT), Mahesh*********************************************************
<drmahesh_06@xxxxxxxxxxx> wrote:
Hi all,one
When I gave mail command in my terminal, there was
mail with subject as "LogWatch forcracking
localhost.localdomain
". Iam pasting a part of the contents below. It
contains lots of authetication failures from an ip
address. My computer is connected to Internet thro
BSNL DataOne. Iam afraid it is some kind of
activity. Please help.
*******************************************************--------------------- Kernel Begin-6...:
------------------------
WARNING: Kernel Errors Present
vesafb: probe of vesafb0 failed with error
5 Time(s)euid=0
---------------------- Kernel End
-------------------------
--------------------- pam_unix Begin
------------------------
crond:
Unknown Entries:
session closed for user root: 138 Time(s)
session opened for user root by (uid=0): 138
Time(s)
gdm:
Unknown Entries:
authentication failure; logname= uid=0
tty=:0 ruser= rhost= user=root: 1 Time(s)17
sshd:
Authentication Failures:
unknown (59-120-61-127.hinet-ip.hinet.net):
Time(s)Begin
unknown (221.154.250.71): 10 Time(s)
root (221.154.250.71): 5 Time(s)
unknown (ns.brownpower.jp): 1 Time(s)
unknown (ns.ladiesclinic.jp): 1 Time(s)
---------------------- pam_unix End
-------------------------
--------------------- Connections (secure-log)
------------------------Time(s)
--------------------- SSHD Begin
------------------------
SSHD Killed: 4 Time(s)
SSHD Started: 5 Time(s)
Failed to bind:
0.0.0.0 port 22 (Address already in use) : 5
Time(s)
Failed logins from these:
root/password from ::ffff:221.154.250.71: 5
**Unmatched Entries**
Invalid user anonymous from ::ffff:210.238.179.146
Failed password for invalid user anonymous from
::ffff:210.238.179.146 port 35071 ssh2
Invalid user passwd from ::ffff:210.238.179.146
Failed password for invalid user passwd from
::ffff:210.238.179.146 port 35080 ssh2
.
.
.
Failed password for invalid user lauren from
::ffff:59.120.61.127 port 3549 ssh2
Invalid user mark from ::ffff:59.120.61.127
Failed password for invalid user mark from
::ffff:59.120.61.127 port 3553 ssh2
Invalid user sin from ::ffff:59.120.61.127
Failed password for invalid user sin from
::ffff:59.120.61.127 port 4376 ssh2
Invalid user richer from ::ffff:59.120.61.127
Failed password for invalid user richer from
::ffff:59.120.61.127 port 1244 ssh2
Seems to be an attack. secure your sshd server by
using tcp wrappers
(hosts.allow & hosts.deny files) or iptables.
--
Cheers,
--Sivam
[Jai Hind]