Was I almost hacked?

Leonard, Phil Phil.Leonard at dsionline.com
Tue Aug 10 20:34:37 CDT 2004


I've had several similar events happen in the last week.  Must be some new script going around.

-----Original Message-----
From: owner-kclug at kclug.org [mailto:owner-kclug at kclug.org]On Behalf Of
Greg Kedrovsky
Sent: Tuesday, August 10, 2004 3:13 PM
To: kclug
Subject: Was I almost hacked?

Ever since I moved up into the mountains, I lost my cable modem that I
had down in "the city." That means my Freesco router (running IPChains)
is down and out, and not in use. I haven't bothered to configure it for
dial-up since I got a barebones machine (little Shuttle, pretty cool) to
use with IPCop. Anyway... 

I connect via dial-up and have no firewall. 

I monitor my /var/log/messages with tail -f, so I can see what's going
on in my system. 

While I was on-line receiving and sending mail, I saw a bunch of lines
whiz by in my term window running tail. Here is what came through: 

pppd[6389]: Serial connection established.
pppd[6389]: Using interface ppp0
pppd[6389]: Connect: ppp0 <--> /dev/modem
pppd[6389]: local  IP address 196.40.40.189
pppd[6389]: remote IP address 196.40.40.1
sshd[7012]: Illegal user test from 202.114.75.193
sshd[7012]: Failed password for illegal user test from 202.114.75.193 port 3595 ssh2
sshd[7014]: Illegal user guest from 202.114.75.193
sshd[7014]: Failed password for illegal user guest from 202.114.75.193 port 3675 ssh2
sshd[7034]: Illegal user admin from 202.114.75.193
sshd[7034]: Failed password for illegal user admin from 202.114.75.193 port 3791 ssh2
pppd[6389]: Terminating on signal 2.
pppd[6389]: Connection terminated.
pppd[6389]: Connect time 8.0 minutes.
pppd[6389]: Sent 41718 bytes, received 298358 bytes.
pppd[6389]: Exit.

Sorry, looks like those lines are going to wrap on me, the lines in
question.

If I understand the messages right, a guy with IP 200.114.75.193 tried
to hack into my system via 3 different ports (probably had some
program trying commonly open ports?). 

Since he tried with 3 different usernames (test, guest, admin), I'm
gathering he thought he was hacking a Winders machine. ?? Doesn't "root"
in Winders use the username "admin"?

Am I reading this correctly? I wonder how hard IPCop is gonna be to get
running on dial-up, with Squid, dial on demand, etc. & et al.  

Maybe I should try hunting this little script kiddie maggot down, and
doing him some bodily harm.

-Greg

-- 
Mutt 1.4.1i on Slackware 9.1 Linux
Tres Ríos & San Jose, Costa Rica
Personal Site: www.greg-and-sue.com
Church Site: www.iglesia-del-este.com
Conexion Site: www.extreme-service.com

 When I hear somebody sigh, "Life is hard," I am always
 tempted to ask, "Compared to what?" - Sydney J. Harris
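An added example, not part of the post or the list archive: a small Python parser that pulls the sshd failures out of /var/log/messages lines like the ones quoted above and tallies them per source address. The "port NNNN" field in those lines is the client's source port on the remote side, not a service on the local machine, so all three attempts hit the same sshd; the three-failure threshold below is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Matches lines such as
# "sshd[7012]: Failed password for illegal user test from 202.114.75.193 port 3595 ssh2"
# "illegal user" is what OpenSSH of that era logged when the account did not exist.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?P<illegal>illegal user) )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)

def parse_failed_logins(lines):
    """Return one dict per failed sshd login; non-sshd lines (pppd etc.) are skipped."""
    events = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            events.append({"user": m.group("user"), "ip": m.group("ip"),
                           "port": int(m.group("port")),
                           "illegal_user": m.group("illegal") is not None})
    return events

def summarize_by_source(events):
    """Group failures by source IP: attempt count, usernames tried, client ports seen."""
    summary = defaultdict(lambda: {"attempts": 0, "users": [], "ports": set()})
    for e in events:
        s = summary[e["ip"]]
        s["attempts"] += 1
        if e["user"] not in s["users"]:
            s["users"].append(e["user"])
        s["ports"].add(e["port"])   # source ports: they vary per connection
    return dict(summary)

def flag_guessing(summary, threshold=3):
    """Source IPs with at least `threshold` failures (threshold is an assumed value)."""
    return sorted(ip for ip, s in summary.items() if s["attempts"] >= threshold)

# Constructed sample: the sshd lines from the post plus one pppd line to ignore.
SAMPLE_LOG = """\
pppd[6389]: local  IP address 196.40.40.189
sshd[7012]: Illegal user test from 202.114.75.193
sshd[7012]: Failed password for illegal user test from 202.114.75.193 port 3595 ssh2
sshd[7014]: Illegal user guest from 202.114.75.193
sshd[7014]: Failed password for illegal user guest from 202.114.75.193 port 3675 ssh2
sshd[7034]: Illegal user admin from 202.114.75.193
sshd[7034]: Failed password for illegal user admin from 202.114.75.193 port 3791 ssh2
""".splitlines()

if __name__ == "__main__":
    summary = summarize_by_source(parse_failed_logins(SAMPLE_LOG))
    for ip in flag_guessing(summary):
        s = summary[ip]
        print(f"{ip}: {s['attempts']} failures, users {s['users']}, "
              f"client ports {sorted(s['ports'])}")
```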