[kwlug-disc] Identify this exploit?
Mikalai Birukou
mb at 3nsoft.com
Sun Dec 29 13:15:07 EST 2019
C'mon. It's a Christmas season, and this is a Hail Mary attack, reminding
us all about a need to switch to using keys for login.
https://security.stackexchange.com/questions/13559/why-was-the-hail-mary-cloud-named-so
When I first freaked about this, my logs had incoming IPs from China.
These ones are from Denmark, Germany, Japan. What can be common to all
these developed countries? Maybe IKEA's IoT devices? :)
On 2019-12-29 11:06 a.m., Khalid Baheyeldin wrote:
> Here is an example from the scary internet ...
>
> From today's logs of a server I manage (via logwatch):
>
> Failed logins from:
> 92.246.17.5: 1 time
> 95.88.219.197 (ip5f58dbc5.dynamic.kabel-deutschland.de): 1 time
> 153.126.166.203 (ik1-319-19699.vs.sakura.ne.jp): 1 time
>
> Illegal users from:
> undef: 3 times
> 12.22.203.226: 1 time
> 63.142.97.181 (63-142-97-63-142-97-181.cpe.sparklight.net): 1 time
> 92.246.17.5: 2 times
> 97.84.76.88 (97-84-76-88.dhcp.snlo.ca.charter.com): 1 time
> 115.160.163.195: 2 times
> 142.4.208.131 (ns502558.ip-142-4-208.net): 1 time
> 153.126.141.19 (ik1-306-13265.vs.sakura.ne.jp): 1 time
>
> These are all ssh login attempts from various IP addresses.
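
The pattern in the quoted logwatch report (many source addresses, one or two attempts each) stays under any per-address failure limit. As an added example, not part of the original post: Python code that counts sshd password failures per source and flags the distributed low-rate case. The log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sshd log lines using documentation address ranges; not from the thread.
SAMPLE_LOG = """\
Dec 29 03:11:02 host sshd[811]: Invalid user admin from 192.0.2.10 port 40112
Dec 29 03:11:04 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Dec 29 04:27:45 host sshd[902]: Failed password for root from 198.51.100.7 port 51877 ssh2
Dec 29 05:02:21 host sshd[955]: Failed password for invalid user test from 203.0.113.44 port 33810 ssh2
Dec 29 06:40:03 host sshd[1012]: Failed password for root from 198.51.100.93 port 60214 ssh2
Dec 29 07:15:30 host sshd[1050]: Accepted publickey for alice from 192.0.2.200 port 50022 ssh2
Dec 29 08:58:11 host sshd[1101]: Failed password for invalid user oracle from 203.0.113.5 port 42001 ssh2
"""

# Count only "Failed password" lines so the paired "Invalid user" line is not double counted.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")


def failures_by_source(log_text):
    """Return a Counter mapping source address -> failed password attempts."""
    return Counter(m.group(1) for m in FAILED.finditer(log_text))


def classify(per_ip, per_ip_limit=5, min_sources=4):
    """Separate sources a per-address limit would catch from the quiet ones.

    per_ip_limit and min_sources are assumed thresholds; tune them per host.
    """
    noisy = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    quiet = sorted(ip for ip, n in per_ip.items() if n < per_ip_limit)
    return {
        "caught_by_per_ip_limit": noisy,
        "quiet_sources": quiet,
        "total_failures": sum(per_ip.values()),
        # Many sources with few tries each: the distributed pattern.
        "distributed_low_rate": len(quiet) >= min_sources,
    }


if __name__ == "__main__":
    report = classify(failures_by_source(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the sample input no single address reaches the per-address limit, yet five distinct sources failed once each, which is the case the aggregate check reports.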