Date: Wed, 27 Feb 2002 08:18:22 -0500
From: Jim Freeze <jim@freeze.org>
To: questions@freebsd.org
Subject: Is this a breakin (attempt)?
Message-ID: <20020227081821.A12905@freeze.org>

Hi:

I have received the following report the last two days from the daily
security emails and I am not sure how serious this is. The log says that
it has accepted the following ssh TCP packets, but does this necessarily
mean that they successfully logged in to my machine?

I do not recognize any of the addresses and I only have a few accounts on
this machine. Also, doing a last on the machine only shows the known users
logging in.

Is there an ssh activity log that I can check?

> ipfw: 2300 Accept TCP 212.185.220.151:64965 63.106.140.202:21 in via sis0
> ipfw: 2900 Accept TCP 63.217.26.40:22 63.106.140.204:22 in via sis0
> ipfw: 2300 Accept TCP 64.228.85.123:1075 63.106.140.202:21 in via sis0
> ipfw: 2600 Accept TCP 62.226.84.105:2320 63.106.140.205:21 in via sis0
> ipfw: 2900 Accept TCP 63.204.77.126:4671 63.106.140.204:22 in via sis0

nslookup 212.185.220.151
Name: pD4B9DC97.dip.t-dialin.net

nslookup 63.217.26.40
Name: 63-217-26-40.sdsl.cais.net

nslookup 64.228.85.123
Name: HSE-Toronto-ppp135100.sympatico.ca

nslookup 62.226.84.105
Name: p3EE25469.dip.t-dialin.net

nslookup 63.204.77.126
Name: adsl-63-204-77-126.gamerscircle.net

Thanks

-- 
Jim Freeze
"Give some people an attoparsec and they'll take 16.093 Tera-angstroms"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message