From owner-freebsd-questions Tue Mar 4 7:20: 4 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8225E37B401 for ; Tue, 4 Mar 2003 07:20:01 -0800 (PST) Received: from tomts22-srv.bellnexxia.net (tomts22.bellnexxia.net [209.226.175.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84A9B43F3F for ; Tue, 4 Mar 2003 07:20:00 -0800 (PST) (envelope-from lists@3bags.com) Received: from 3bagsmedia ([207.35.180.174]) by tomts22-srv.bellnexxia.net (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP id <20030304151959.LULA13069.tomts22-srv.bellnexxia.net@3bagsmedia> for ; Tue, 4 Mar 2003 10:19:59 -0500 Reply-To: From: "Phillip Smith (mailing list)" To: Subject: hacking attempts? Date: Tue, 4 Mar 2003 10:23:10 -0500 Message-ID: <003201c2e261$f7290180$aeb423cf@3bagsmedia> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I found this in my logs and I'm wondering if this is a hacking attempt? Should I be concerned? Also, if/when I see these, I'd like to add them to a blocked list using /sbin/ipfw, but get the following message when trying this command: # /sbin/ipfw add 1 deny all from 151.204.100.88:255.255.255.255 to any ipfw: getsockopt(IP_FW_ADD): Protocol not available freedom.domain.com login failures: Mar 2 11:38:33 freedom sshd[47912]: Failed none for illegal user test from 64.21.10.2 port 36747 ssh2 Mar 2 11:38:33 freedom sshd[47912]: Failed publickey for illegal user test from 64.21.10.2 port 36747 ssh2 Mar 2 11:38:34 freedom sshd[47912]: Failed keyboard-interactive for illegal user test from 64.21.10.2 port 36747 ssh2 Mar 2 11:38:34 freedom sshd[47912]: Failed password for illegal user test from 64.21.10.2 port 36747 ssh2 Mar 2 11:38:34 freedom sshd[47912]: Failed password for illegal user test from 64.21.10.2 port 36747 ssh2 Mar 2 11:38:37 freedom sshd[47913]: Failed none for illegal user oracle from 64.21.10.2 port 36984 ssh2 Mar 2 11:38:38 freedom sshd[47913]: Failed publickey for illegal user oracle from 64.21.10.2 port 36984 ssh2 Mar 2 11:38:38 freedom sshd[47913]: Failed keyboard-interactive for illegal user oracle from 64.21.10.2 port 36984 ssh2 Mar 2 11:38:38 freedom sshd[47913]: Failed password for illegal user oracle from 64.21.10.2 port 36984 ssh2 Mar 2 11:38:38 freedom sshd[47913]: Failed password for illegal user oracle from 64.21.10.2 port 36984 ssh2 Mar 2 11:38:41 freedom sshd[47914]: Failed none for illegal user guest from 64.21.10.2 port 37171 ssh2 Mar 2 11:38:41 freedom sshd[47914]: Failed publickey for illegal user guest from 64.21.10.2 port 37171 ssh2 Mar 2 11:38:41 freedom sshd[47914]: Failed keyboard-interactive for illegal user guest from 64.21.10.2 port 37171 ssh2 Mar 2 11:38:41 freedom sshd[47914]: Failed password for illegal user guest from 64.21.10.2 port 37171 ssh2 Mar 2 11:38:41 freedom sshd[47914]: Failed password for illegal user guest from 64.21.10.2 port 37171 ssh2 Mar 2 11:38:44 freedom sshd[47915]: Failed password for ROOT from 64.21.10.2 port 37187 ssh2 Mar 2 11:38:45 freedom sshd[47915]: Failed password for ROOT from 64.21.10.2 port 37187 ssh2 Mar 2 11:38:48 freedom sshd[47916]: Failed password for nobody from 64.21.10.2 port 37211 ssh2 Mar 2 11:38:48 freedom sshd[47916]: Failed password for nobody from 64.21.10.2 port 37211 ssh2 Mar 2 11:38:52 freedom sshd[47917]: Failed password for games from 64.21.10.2 port 37215 ssh2 Mar 2 11:38:52 freedom sshd[47917]: Failed password for games from 64.21.10.2 port 37215 ssh2 Mar 2 11:38:56 freedom sshd[47918]: Failed none for illegal user user from 64.21.10.2 port 37217 ssh2 Mar 2 11:38:56 freedom sshd[47918]: Failed publickey for illegal user user from 64.21.10.2 port 37217 ssh2 Mar 2 11:38:56 freedom sshd[47918]: Failed keyboard-interactive for illegal user user from 64.21.10.2 port 37217 ssh2 Mar 2 11:38:56 freedom sshd[47918]: Failed password for illegal user user from 64.21.10.2 port 37217 ssh2 Mar 2 11:38:56 freedom sshd[47918]: Failed password for illegal user user from 64.21.10.2 port 37217 ssh2 Mar 2 11:38:59 freedom sshd[47919]: Failed password for ROOT from 64.21.10.2 port 37218 ssh2 Mar 2 11:38:59 freedom sshd[47919]: Failed password for ROOT from 64.21.10.2 port 37218 -- Phillip To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message