Possible attack??
Roberto Leiva M. (List)
rlm_lista at floresinternacional.cl
Wed Nov 29 11:51:38 CLST 2006
I have a CentOS 4.4 firewall, fully up to date, running Shorewall.
The following lines show up in the log:
Nov 29 11:37:49 gw sshd(pam_unix)[11215]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8 user=root
Nov 29 11:37:52 gw sshd(pam_unix)[11217]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8 user=root
Nov 29 11:37:56 gw sshd(pam_unix)[11219]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8 user=root
Nov 29 11:38:00 gw sshd(pam_unix)[11221]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.192.113.8 user=root
[...] they repeat constantly
Could this be a brute-force attack?? What can be done??
Data:
[@gw ~]# traceroute 66.192.113.8
traceroute to 66.192.113.8 (66.192.113.8), 30 hops max, 38 byte packets
1 200.75.24.65 (200.75.24.65) 0.523 ms 0.810 ms 0.334 ms
2 200.55.210.62 (200.55.210.62) 0.579 ms 0.558 ms 0.531 ms
3 CORE-INT-1.gtdinternet.com (200.75.0.66) 0.649 ms 0.671 ms 0.596 ms
4 CORE-INT-2.gtdinternet.com (201.238.238.26) 0.959 ms 0.850 ms 0.806 ms
5 san1-gtd-1-cl.san.seabone.net (195.22.221.89) 109.892 ms 109.477 ms 109.273 ms
6 ash1-new1-racc1.new.seabone.net (195.22.216.225) 153.307 ms 153.378 ms 153.707 ms
7 * * *
8 core-02-ge-0-3-0-1.asbn.twtelecom.net (64.129.249.17) 146.813 ms 147.995 ms 147.139 ms
9 dist-02-so-0-0-0-0.roch.twtelecom.net (66.192.240.8) 197.103 ms 158.303 ms 153.267 ms
10 hagg-02-ge-3-3-0-504.roch.twtelecom.net (66.192.240.155) 152.857 ms 167.992 ms 159.473 ms
11 207.250.127.10 (207.250.127.10) 242.489 ms 213.470 ms 270.765 ms
12 mail.rochesterymca.org (66.192.113.8) 241.597 ms 282.269 ms 192.596 ms
Regards,
--
Roberto Leiva M.
Santiago - Chile
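
Added example, not part of the original message: a Python script that parses sshd(pam_unix) failure lines in the format quoted above and flags remote hosts with repeated failures inside a short window. The function names, the threshold of 4 failures and the 60-second window are assumptions for illustration; the first four sample lines come from the message, the last two are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Format of the pam_unix lines quoted in the message (syslog carries no year).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\(pam_unix\)\[\d+\]: "
    r"authentication failure;.*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

def parse_failures(lines, year=2006):
    """Yield (timestamp, rhost, user) for each sshd authentication failure."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["rhost"], m["user"] or "(unknown)"

def flag_bruteforce(lines, threshold=4, window=timedelta(seconds=60)):
    """Return {rhost: sorted targeted users} for hosts with at least
    `threshold` failures inside any sliding `window` (assumed values)."""
    by_host = defaultdict(list)
    for ts, rhost, user in parse_failures(lines):
        by_host[rhost].append((ts, user))
    flagged = {}
    for rhost, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[rhost] = sorted({u for _, u in events})
                break
    return flagged

TAIL = "authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost="
SAMPLE = [
    f"Nov 29 11:37:49 gw sshd(pam_unix)[11215]: {TAIL}66.192.113.8 user=root",
    f"Nov 29 11:37:52 gw sshd(pam_unix)[11217]: {TAIL}66.192.113.8 user=root",
    f"Nov 29 11:37:56 gw sshd(pam_unix)[11219]: {TAIL}66.192.113.8 user=root",
    f"Nov 29 11:38:00 gw sshd(pam_unix)[11221]: {TAIL}66.192.113.8 user=root",
    # Constructed: a single failure from a documentation address, not flagged.
    f"Nov 29 11:39:10 gw sshd(pam_unix)[11290]: {TAIL}192.0.2.10 user=admin",
    # Constructed: a non-failure line the parser must ignore.
    "Nov 29 11:40:02 gw sshd(pam_unix)[11300]: session opened for user demo by (uid=0)",
]

if __name__ == "__main__":
    for host, users in flag_bruteforce(SAMPLE).items():
        print(f"{host}: repeated sshd failures, targeted users: {', '.join(users)}")
```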