[lug] Attempted hack from 202.185.243.121
D. Stimits
stimits at idcomm.com
Sun Apr 21 14:40:50 MDT 2002
Paul Bille wrote:
>
> Did anyone else detect an attempted hack from 202.185.243.121 Saturday
> night / Sunday morning? I'm wondering if this is a generalized probe or
> if it's a targeted attack?
>
> I'll include some log files below. I traced it back to jaring.my in
> Malaysia where the trail went cold. They were on another system back on
> March 5 but I don't have the log files necessary to trace their
> activity.
>
> I reported the attack to abouse at jaring.my and the nccs-sf at fbi.gov
>
> Pertinent log entries:
>
> Apr 21 02:21:27 liz in.fingerd[20399]: connect from 202.185.243.121
> Apr 21 02:47:11 liz in.fingerd[20414]: connect from 202.185.243.121
> Apr 21 02:47:20 liz in.telnetd[20415]: connect from 202.185.243.121
>
> Apr 21 02:47:34 liz login[20416]: FAILED LOGIN 1 FROM 202.185.243.121
> FOR root, Authentication failure
> Apr 21 02:47:41 liz login[20416]: FAILED LOGIN 2 FROM 202.185.243.121
> FOR rpcuser, Authentication failure
> Apr 21 02:47:49 liz login[20416]: FAILED LOGIN 3 FROM 202.185.243.121
> FOR test, Authentication failure
Nothing here.
D. Stimits, stimits at idcomm.com
More information about the LUG
mailing list