 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
David -
I have a boatload of auth.log entries like this:
Sep 9 06:41:19 vanzandt CRON[27524]: (pam_unix) session closed for user root
Sep 9 06:42:20 vanzandt sshd[28685]: Did not receive identification string from ::ffff:61.95.172.140
Sep 9 06:43:01 vanzandt CRON[28686]: (pam_unix) session opened for user jrv by (uid=0)
Sep 9 06:43:03 vanzandt CRON[28686]: (pam_unix) session closed for user jrv
Sep 9 06:45:39 vanzandt sshd[28723]: Illegal user test from ::ffff:61.95.172.140
Sep 9 06:45:39 vanzandt sshd[28723]: error: Could not get shadow information for NOUSER
Sep 9 06:45:39 vanzandt sshd[28723]: Failed password for illegal user test from ::ffff:61.95.172.140 port 4212 ssh2
Sep 9 06:45:42 vanzandt sshd[28725]: Illegal user test from ::ffff:61.95.172.140
Sep 9 06:45:42 vanzandt sshd[28725]: error: Could not get shadow information for NOUSER
Sep 9 06:45:42 vanzandt sshd[28725]: Failed password for illegal user test from ::ffff:61.95.172.140 port 4340 ssh2
Sep 9 06:45:45 vanzandt sshd[28727]: Illegal user test from ::ffff:61.95.172.140
Sep 9 06:45:45 vanzandt sshd[28727]: error: Could not get shadow information for NOUSER
Sep 9 06:45:45 vanzandt sshd[28727]: Failed password for illegal user test from ::ffff:61.95.172.140 port 4477 ssh2
Sep 9 06:45:48 vanzandt sshd[28729]: Illegal user test from ::ffff:61.95.172.140
Sep 9 06:45:48 vanzandt sshd[28729]: error: Could not get shadow information for NOUSER
Sep 9 06:45:48 vanzandt sshd[28729]: Failed password for illegal user test from ::ffff:61.95.172.140 port 4583 ssh2
Sep 9 06:45:52 vanzandt sshd[28731]: Illegal user test from ::ffff:61.95.172.140
Sep 9 06:45:52 vanzandt sshd[28731]: error: Could not get shadow information for NOUSER
Sep 9 06:45:52 vanzandt sshd[28731]: Failed password for illegal user test from ::ffff:61.95.172.140 port 4792 ssh2
Your coworker is welcome to a copy of the logs if they would do any
good.
(BTW I have "PermitRootLogin no" in /etc/sshd.conf.)
- Jim Van Zandt
Date: Fri, 8 Sep 2006 15:49:48 -0400 (EDT)
From: "David Kramer" <david at thekramers.net>
X-Priority: 3 (Normal)
Importance: Normal
X-BLU-MailScanner: Found to be clean, Found to be clean
Sender: discuss-bounces at blu.org
X-BLU-MailScanner-Information: Please contact the ISP for more information
X-BLU-MailScanner-From: discuss-bounces at blu.org
A coworker of mine is looing for some real-world or synthetic data of previous network
attacks, attack patterns/types, defense strategies that nets used against
attacks, etc. for model training/testing. He's also interested in talking to SysAdmins
who would be willing to talk about network security and network attacks. This is for a
research project.
Anyone interested? I'll forward your info on to him if you send it to me.
Thanks.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
