Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 02 Dec 2001 21:39:10 +0000
From:      slamdunk <slamdunk@neophile.net>
To:        security@FreeBSD.ORG
Subject:   Is this an attempt on SSH hack?
Message-ID:  <5.1.0.14.2.20011202213039.00a99d88@mail.btinternet.com>
next in thread | raw e-mail | index | archive | help 
Dec 2 01:01:01 www sshd[15014]: log: Connection from 213.207.20.90 port 1685
Dec 2 01:01:06 www sshd[15015]: log: Connection from 213.207.20.90 port 1697
Dec 2 01:01:06 www sshd[15015]: fatal: Did not receive ident string.
Dec 2 01:01:11 www sshd[15014]: fatal: Did not receive ident string.
Dec 2 01:02:28 www sshd[15026]: log: Connection from 213.196.5.84 port 2867
Dec 2 01:02:40 www sshd[15027]: log: Connection from 213.196.5.84 port 2868
Dec 2 01:02:42 www sshd[15028]: log: Connection from 213.196.5.84 port 2869
Dec 2 01:02:44 www sshd[15029]: log: Connection from 213.196.5.84 port 2870
Dec 2 01:02:45 www sshd[15029]: fatal: Local: Corrupted check bytes on input.
Dec 2 01:02:45 www sshd[15029]: fatal: Local: Corrupted check bytes on input.
Dec 2 01:02:46 www sshd[15030]: log: Connection from 213.196.5.84 port 2871
Dec 2 01:02:47 www sshd[15031]: log: Connection from 213.196.5.84 port 2872
Dec 2 01:02:49 www sshd[15032]: log: Connection from 213.196.5.84 port 2873

Repeated about 20 times on sequential ports

Dec 2 01:03:13 www sshd[15044]: log: Connection from 213.196.5.84 port 2888
Dec 2 01:03:15 www sshd[15045]: log: Connection from 213.196.5.84 port 2890
Dec 2 01:03:17 www sshd[15046]: log: Connection from 213.196.5.84 port 2892
Dec 2 01:03:19 www sshd[15047]: log: Connection from 213.196.5.84 port 2893
Dec 2 01:03:21 www sshd[15048]: log: Connection from 213.196.5.84 port 2894
Dec 2 01:03:23 www sshd[15049]: log: Connection from 213.196.5.84 port 2896
Dec 2 01:03:25 www sshd[15050]: log: Connection from 213.196.5.84 port 2897

Repeated up to port 3784

Dec 2 01:22:55 www sshd[15834]: log: Connection from 213.196.5.84 port 3784

Running SSH Version OpenSSH-1.2.2, protocol version 1.5.
Compiled with SSL.

Need I be worried?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.2.20011202213039.00a99d88>