Distributed SSH attacks

Oooh, how nice... another distributed ssh attack... need to get devious/er!


Mar  6 05:45:25 lara sshd[67154]: error: PAM: authentication error for illegal user cz from ns.zircon.net.ua
Mar  6 05:46:50 lara sshd[67163]: error: PAM: authentication error for illegal user d from 193.178.147.249
Mar  6 05:48:09 lara sshd[67170]: error: PAM: authentication error for illegal user daily from 205.234.239.234
Mar  6 05:49:27 lara sshd[67181]: error: PAM: authentication error for illegal user daisuke from 194.143.147.10
Mar  6 05:52:24 lara sshd[67198]: error: PAM: authentication error for illegal user dale from 82.207.125.7
Mar  6 05:53:39 lara sshd[67210]: error: PAM: authentication error for illegal user damon from s1.nevosoft.ru
Mar  6 05:55:15 lara sshd[67232]: error: PAM: authentication error for illegal user dan from 76.178.137.50
Mar  6 05:56:24 lara sshd[67239]: error: PAM: authentication error for illegal user dan from 220.130.181.79
Mar  6 05:57:42 lara sshd[67246]: error: PAM: authentication error for illegal user dan from 88.100.25.101
Mar  6 05:59:16 lara sshd[67258]: error: PAM: authentication error for illegal user dan from 124.41.64.37
Mar  6 06:00:29 lara sshd[67282]: error: PAM: authentication error for illegal user dan from 194.143.147.10
Mar  6 06:03:12 lara sshd[67293]: error: PAM: authentication error for illegal user dan from 212.243.89.139
Mar  6 06:04:40 lara sshd[67304]: error: PAM: authentication error for illegal user dana from 195.20.102.10
Mar  6 06:06:08 lara sshd[67314]: error: PAM: authentication error for illegal user dance from 203.72.60.24
Mar  6 06:07:28 lara sshd[67321]: error: PAM: authentication error for illegal user dance from 219.134.93.161
Mar  6 06:08:46 lara sshd[67331]: error: PAM: authentication error for illegal user dani from 121.10.141.249
Mar  6 06:10:22 lara sshd[67342]: error: PAM: authentication error for illegal user daniel from 60.28.210.9
Mar  6 06:11:32 lara sshd[67362]: error: PAM: authentication error for illegal user daniel from 77.47.187.63
Mar  6 06:13:00 lara sshd[67369]: error: PAM: authentication error for illegal user daniel from 59.120.12.62
Mar  6 06:14:14 lara sshd[67379]: error: PAM: authentication error for illegal user daniel from 89.149.226.246
Mar  6 06:16:06 lara sshd[67390]: error: PAM: authentication error for illegal user daniela from 118.123.96.91
Mar  6 06:17:06 lara sshd[67396]: error: PAM: authentication error for illegal user daniela from 200.215.210.210
Mar  6 06:18:26 lara sshd[67405]: error: PAM: authentication error for illegal user dario from 60.190.79.3
Mar  6 06:19:44 lara sshd[67415]: error: PAM: authentication error for illegal user dario from 202.106.162.227
Mar  6 06:21:13 lara sshd[67425]: error: PAM: authentication error for illegal user darrell from 195.182.194.63
Mar  6 06:22:32 lara sshd[67444]: error: PAM: authentication error for illegal user darwin from 80.249.238.148
Mar  6 06:23:50 lara sshd[67456]: error: PAM: authentication error for illegal user dasusr1 from web.uaic.net
Mar  6 06:25:14 lara sshd[67465]: error: PAM: authentication error for illegal user data from 62.118.122.35
Mar  6 06:26:38 lara sshd[67473]: error: PAM: authentication error for illegal user database from 125.168.55.4
Mar  6 06:28:20 lara sshd[67483]: error: PAM: authentication error for illegal user davaa from 163.27.136.4
Mar  6 06:29:23 lara sshd[67494]: error: PAM: authentication error for illegal user dave from rd.vrx.net
Mar  6 06:30:47 lara sshd[67504]: error: PAM: authentication error for illegal user dave from 61.127.161.4
Mar  6 06:32:07 lara sshd[67511]: error: PAM: authentication error for illegal user dave from 81.69.19.126
Mar  6 06:33:39 lara sshd[67534]: error: PAM: authentication error for illegal user dave from 83.226.170.132
Mar  6 06:34:57 lara sshd[67540]: error: PAM: authentication error for illegal user david from 85.238.206.182
Mar  6 06:36:22 lara sshd[67550]: error: PAM: authentication error for illegal user david from 201.34.36.170
Mar  6 06:37:37 lara sshd[67557]: error: PAM: authentication error for illegal user david from 213.10.103.38
Mar  6 06:39:14 lara sshd[67569]: error: PAM: authentication error for illegal user david from 122.103.92.4
Mar  6 06:40:26 lara sshd[67579]: error: PAM: authentication error for illegal user david from 62.112.193.17
Mar  6 06:41:56 lara sshd[67586]: error: PAM: authentication error for illegal user david from 201.34.47.174
Mar  6 06:43:08 lara sshd[67593]: error: PAM: authentication error for illegal user david from 91.196.159.89
Mar  6 06:44:43 lara sshd[67615]: error: PAM: authentication error for illegal user david from 174.142.75.39
Mar  6 06:46:12 lara sshd[67626]: error: PAM: authentication error for illegal user davide from 79.171.122.38
Mar  6 06:50:27 lara sshd[67647]: error: PAM: authentication error for illegal user davidh from 92.240.117.30
Mar  6 06:54:07 lara sshd[67668]: error: PAM: authentication error for illegal user davidr from lisenbart.com
Mar  6 06:58:08 lara sshd[67699]: error: PAM: authentication error for illegal user dawid from 212.35.169.20
Mar  6 07:02:03 lara sshd[67735]: error: PAM: authentication error for illegal user db2fenc1 from 80.91.190.80
Mar  6 07:06:10 lara sshd[67756]: error: PAM: authentication error for illegal user db2fenc from mail.np.kiev.ua
Mar  6 07:10:06 lara sshd[67778]: error: PAM: authentication error for illegal user db2inst1 from 217.65.3.7
Mar  6 07:14:00 lara sshd[67809]: error: PAM: authentication error for illegal user db2inst1 from 193.178.147.249
Mar  6 07:18:03 lara sshd[67827]: error: PAM: authentication error for illegal user dc from 77.241.41.165
Mar  6 07:21:54 lara sshd[67851]: error: PAM: authentication error for illegal user dcr from 79.171.122.38
Mar  6 07:25:50 lara sshd[67885]: error: PAM: authentication error for illegal user dcs from 89.28.205.122
Mar  6 07:29:47 lara sshd[67905]: error: PAM: authentication error for illegal user dean from mx2.cihost.ru
Mar  6 07:33:57 lara sshd[67939]: error: PAM: authentication error for illegal user deb from 195.20.102.2
Mar  6 07:37:52 lara sshd[67956]: error: PAM: authentication error for illegal user debian from ns.zircon.net.ua
Mar  6 07:41:46 lara sshd[67980]: error: PAM: authentication error for illegal user deborah from 77.241.32.126
Mar  6 07:45:45 lara sshd[68012]: error: PAM: authentication error for illegal user debug from 94.103.92.123
Mar  6 07:49:57 lara sshd[68032]: error: PAM: authentication error for illegal user dede from 62.149.13.210
Mar  6 07:54:09 lara sshd[68054]: error: PAM: authentication error for illegal user default from 91.189.129.106
Mar  6 07:57:49 lara sshd[68088]: error: PAM: authentication error for illegal user delliott from 195.60.71.153
Mar  6 08:01:55 lara sshd[68124]: error: PAM: authentication error for illegal user demo1 from 195.182.194.63
Mar  6 08:06:06 lara sshd[68146]: error: PAM: authentication error for illegal user demo1 from 77.120.117.79
Mar  6 08:10:05 lara sshd[68167]: error: PAM: authentication error for illegal user demo from 193.178.147.249
Mar  6 08:14:08 lara sshd[68197]: error: PAM: authentication error for illegal user demo from 195.20.102.10
Mar  6 08:18:07 lara sshd[68215]: error: PAM: authentication error for illegal user demo from 62.149.27.183
Mar  6 08:22:11 lara sshd[68249]: error: PAM: authentication error for illegal user demo from 217.117.64.61
Mar  6 08:26:17 lara sshd[68273]: error: PAM: authentication error for illegal user demo from 178.93.121.94
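
A way to recognise this pattern automatically, as an added example that is not part of the original post: it parses failure lines in the format above and flags a window in which many sources each stay under a per-source limit while the usernames advance in dictionary order. The function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Matches the sshd PAM failure lines in the format shown in the post.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: error: PAM: authentication error for "
    r"(?:illegal user )?(?P<user>\S+) from (?P<src>\S+)$")

# Selected lines copied from the log above (not new data).
SAMPLE = """\
Mar  6 05:45:25 lara sshd[67154]: error: PAM: authentication error for illegal user cz from ns.zircon.net.ua
Mar  6 05:46:50 lara sshd[67163]: error: PAM: authentication error for illegal user d from 193.178.147.249
Mar  6 05:48:09 lara sshd[67170]: error: PAM: authentication error for illegal user daily from 205.234.239.234
Mar  6 05:49:27 lara sshd[67181]: error: PAM: authentication error for illegal user daisuke from 194.143.147.10
Mar  6 05:52:24 lara sshd[67198]: error: PAM: authentication error for illegal user dale from 82.207.125.7
Mar  6 05:53:39 lara sshd[67210]: error: PAM: authentication error for illegal user damon from s1.nevosoft.ru
Mar  6 05:55:15 lara sshd[67232]: error: PAM: authentication error for illegal user dan from 76.178.137.50
Mar  6 06:00:29 lara sshd[67282]: error: PAM: authentication error for illegal user dan from 194.143.147.10
""".splitlines()

def parse(lines):
    """Return (user, source) for each failure line; other lines are skipped."""
    events = []
    for line in lines:
        m = FAIL_RE.search(line.strip())
        if m:
            events.append((m["user"], m["src"]))
    return events

def analyse(lines, per_source_limit=5, min_sources=5, min_sorted=0.9):
    """Summarise one window of failures (thresholds are illustrative)."""
    events = parse(lines)
    # A host can show up by name or by IP depending on reverse DNS,
    # so the distinct-source count is approximate.
    per_source = Counter(src for _, src in events)
    users = [user for user, _ in events]
    pairs = list(zip(users, users[1:]))
    # Share of consecutive attempts whose usernames are in dictionary order:
    # a shared wordlist split across hosts keeps this close to 1.
    sorted_ratio = sum(a <= b for a, b in pairs) / len(pairs) if pairs else 0.0
    max_hits = max(per_source.values(), default=0)
    evades = max_hits < per_source_limit  # per-source counters never trip
    return {
        "failures": len(events), "sources": len(per_source),
        "max_per_source": max_hits, "sorted_ratio": sorted_ratio,
        "evades_per_source_limit": evades,
        "distributed": (len(per_source) >= min_sources
                        and sorted_ratio >= min_sorted and evades),
    }
```

Run over a sliding window of the auth log, the "distributed" flag marks activity that per-source blocking will not catch, which is the point at which allow-listing or key-only authentication becomes the effective control.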


#1 Re: Distributed SSH attacks

Added on 2010-03-25T04:36 by Me

welcome to last century

#2 Re: Distributed SSH attacks

Added on 2010-03-25T10:11 by Niklas R

How about instant reset or reboot instead of defense apps? Reset or reboot cuts all connections to a clean start.

#3 Re: Distributed SSH attacks

Added on 2010-03-28T04:01 by c geier

I've been using security/denyhosts for some time and it works great

#4 Re: Distributed SSH attacks

Added on 2010-04-06T19:51 by kace

How many places do you really connect from yourself?  I use ipfw and a "whitelist" approach.  Even if you have to allow large net blocks (say from your ISP), it still works very well.

#5 Re: Distributed SSH attacks

Added on 2010-04-11T07:27 by sprewell

I use a nonstandard port, works very well. :)

#6 Re: Distributed SSH attacks

Added on 2010-04-11T14:25 by Rick van der Zwet

Luckily you got yourself ssh-keys in place, right? So nothing to keep you awake at night :-)

#7 Re: Distributed SSH attacks

Added on 2010-04-16T08:20 by ggl

There is this thing with PF rules and expiretable daemon but it only works well if the IPs repeat themselves. I'm using it with pop3 on fbsd and have something similar for ssh on linux.
