Possible attack??

Roberto Leiva M. (Lista) rlm_lista at floresinternacional.cl
Wed Nov 29 11:51:38 CLST 2006


I have a CentOS 4.4 firewall, fully up to date, with Shorewall.

The following lines show up in the log:

Nov 29 11:37:49 gw sshd(pam_unix)[11215]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
Nov 29 11:37:52 gw sshd(pam_unix)[11217]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
Nov 29 11:37:56 gw sshd(pam_unix)[11219]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
Nov 29 11:38:00 gw sshd(pam_unix)[11221]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
[...] they repeat constantly

Could this be a brute-force attack?? What can be done??

Data:
[@gw ~]# traceroute 66.192.113.8
traceroute to 66.192.113.8 (66.192.113.8), 30 hops max, 38 byte packets
  1  200.75.24.65 (200.75.24.65)  0.523 ms  0.810 ms  0.334 ms
  2  200.55.210.62 (200.55.210.62)  0.579 ms  0.558 ms  0.531 ms
  3  CORE-INT-1.gtdinternet.com (200.75.0.66)  0.649 ms  0.671 ms  0.596 ms
  4  CORE-INT-2.gtdinternet.com (201.238.238.26)  0.959 ms  0.850 ms  0.806 ms
  5  san1-gtd-1-cl.san.seabone.net (195.22.221.89)  109.892 ms  109.477 ms  109.273 ms
  6  ash1-new1-racc1.new.seabone.net (195.22.216.225)  153.307 ms  153.378 ms  153.707 ms
  7  * * *
  8  core-02-ge-0-3-0-1.asbn.twtelecom.net (64.129.249.17)  146.813 ms  147.995 ms  147.139 ms
  9  dist-02-so-0-0-0-0.roch.twtelecom.net (66.192.240.8)  197.103 ms  158.303 ms  153.267 ms
10  hagg-02-ge-3-3-0-504.roch.twtelecom.net (66.192.240.155)  152.857 ms  167.992 ms  159.473 ms
11  207.250.127.10 (207.250.127.10)  242.489 ms  213.470 ms  270.765 ms
12  mail.rochesterymca.org (66.192.113.8)  241.597 ms  282.269 ms  192.596 ms


Regards,
--
Roberto Leiva M.
Santiago - Chile
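
Added example, not part of the original post: a small detector that parses pam_unix sshd failure lines in the format quoted above and flags any remote host with a burst of failures inside a sliding time window. The function name `find_bursts`, the threshold of 3 failures, the 60-second window, the default year and the last sample line (a documentation address) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First four lines are the ones quoted in the post (rejoined onto one line each);
# the last line is constructed, using a documentation address, as a quiet host.
SAMPLE_LOG = """\
Nov 29 11:37:49 gw sshd(pam_unix)[11215]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
Nov 29 11:37:52 gw sshd(pam_unix)[11217]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
Nov 29 11:37:56 gw sshd(pam_unix)[11219]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
Nov 29 11:38:00 gw sshd(pam_unix)[11221]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8  user=root
Nov 29 11:41:10 gw sshd(pam_unix)[11302]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=admin
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\(pam_unix\)\[\d+\]: "
    r"authentication failure;.*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

def find_bursts(log_text, threshold=3, window=timedelta(seconds=60), year=2006):
    """Return {rhost: (peak failures inside one window, targeted users)}
    for every remote host that reaches `threshold` failures within `window`."""
    stamps_by_host = defaultdict(list)
    users_by_host = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a pam_unix sshd failure line
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        stamps_by_host[m["rhost"]].append(ts)
        users_by_host[m["rhost"]].add(m["user"] or "(no user field)")
    flagged = {}
    for rhost, stamps in stamps_by_host.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[rhost] = (peak, sorted(users_by_host[rhost]))
    return flagged

if __name__ == "__main__":
    for host, (peak, users) in find_bursts(SAMPLE_LOG).items():
        print(f"{host}: {peak} failures within 60 s, users tried: {', '.join(users)}")
```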

