Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 4 Mar 2003 10:23:10 -0500
From:      "Phillip Smith (mailing list)" <lists@3bags.com>
To:        <freebsd-questions@freebsd.org>
Subject:   hacking attempts?
Message-ID:  <003201c2e261$f7290180$aeb423cf@3bagsmedia>
next in thread | raw e-mail | index | archive | help 

I found this in my logs and I'm wondering if this is a hacking attempt?
Should I be concerned?

Also, if/when I see these, I'd like to add them to a blocked list using
/sbin/ipfw, but get the following message when trying this command:

# /sbin/ipfw add 1 deny all from 151.204.100.88:255.255.255.255 to any
ipfw: getsockopt(IP_FW_ADD): Protocol not available


freedom.domain.com login failures:
Mar  2 11:38:33 freedom sshd[47912]: Failed none for illegal user test
from 64.21.10.2
port 36747 ssh2
Mar  2 11:38:33 freedom sshd[47912]: Failed publickey for illegal user
test from
64.21.10.2 port 36747 ssh2
Mar  2 11:38:34 freedom sshd[47912]: Failed keyboard-interactive for
illegal user test
from 64.21.10.2 port 36747 ssh2
Mar  2 11:38:34 freedom sshd[47912]: Failed password for illegal user
test from
64.21.10.2 port 36747 ssh2
Mar  2 11:38:34 freedom sshd[47912]: Failed password for illegal user
test from
64.21.10.2 port 36747 ssh2
Mar  2 11:38:37 freedom sshd[47913]: Failed none for illegal user oracle
from 64.21.10.2
port 36984 ssh2
Mar  2 11:38:38 freedom sshd[47913]: Failed publickey for illegal user
oracle from
64.21.10.2 port 36984 ssh2
Mar  2 11:38:38 freedom sshd[47913]: Failed keyboard-interactive for
illegal user oracle
from 64.21.10.2 port 36984 ssh2
Mar  2 11:38:38 freedom sshd[47913]: Failed password for illegal user
oracle from
64.21.10.2 port 36984 ssh2
Mar  2 11:38:38 freedom sshd[47913]: Failed password for illegal user
oracle from
64.21.10.2 port 36984 ssh2
Mar  2 11:38:41 freedom sshd[47914]: Failed none for illegal user guest
from 64.21.10.2
port 37171 ssh2
Mar  2 11:38:41 freedom sshd[47914]: Failed publickey for illegal user
guest from
64.21.10.2 port 37171 ssh2
Mar  2 11:38:41 freedom sshd[47914]: Failed keyboard-interactive for
illegal user guest
from 64.21.10.2 port 37171 ssh2
Mar  2 11:38:41 freedom sshd[47914]: Failed password for illegal user
guest from
64.21.10.2 port 37171 ssh2
Mar  2 11:38:41 freedom sshd[47914]: Failed password for illegal user
guest from
64.21.10.2 port 37171 ssh2
Mar  2 11:38:44 freedom sshd[47915]: Failed password for ROOT from
64.21.10.2 port 37187
ssh2
Mar  2 11:38:45 freedom sshd[47915]: Failed password for ROOT from
64.21.10.2 port 37187
ssh2
Mar  2 11:38:48 freedom sshd[47916]: Failed password for nobody from
64.21.10.2 port
37211 ssh2
Mar  2 11:38:48 freedom sshd[47916]: Failed password for nobody from
64.21.10.2 port
37211 ssh2
Mar  2 11:38:52 freedom sshd[47917]: Failed password for games from
64.21.10.2 port
37215 ssh2
Mar  2 11:38:52 freedom sshd[47917]: Failed password for games from
64.21.10.2 port
37215 ssh2
Mar  2 11:38:56 freedom sshd[47918]: Failed none for illegal user user
from 64.21.10.2
port 37217 ssh2
Mar  2 11:38:56 freedom sshd[47918]: Failed publickey for illegal user
user from
64.21.10.2 port 37217 ssh2
Mar  2 11:38:56 freedom sshd[47918]: Failed keyboard-interactive for
illegal user user
from 64.21.10.2 port 37217 ssh2
Mar  2 11:38:56 freedom sshd[47918]: Failed password for illegal user
user from
64.21.10.2 port 37217 ssh2
Mar  2 11:38:56 freedom sshd[47918]: Failed password for illegal user
user from
64.21.10.2 port 37217 ssh2
Mar  2 11:38:59 freedom sshd[47919]: Failed password for ROOT from
64.21.10.2 port 37218
ssh2
Mar  2 11:38:59 freedom sshd[47919]: Failed password for ROOT from
64.21.10.2 port 37218


--
Phillip


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003201c2e261$f7290180$aeb423cf>