small bit from /var/log/messages: Nov 6 19:57:45 blue login[31450]: FAILED LOGIN 3 FROM 193.123.219.X FOR iris, User not known to the underlying authentication module Nov 6 19:57:47 blue PAM_pwdb[31450]: check pass; user unknown Nov 6 19:57:48 blue login[31450]: FAILED LOGIN SESSION FROM 193.123.219.X FOR gerd, User not known to the underlying authentication module Nov 6 19:57:53 blue telnetd[31452]: ttloop: peer died: EOF Nov 6 19:57:53 blue inetd[497]: pid 31452: exit status 1 Nov 6 19:58:01 blue PAM_pwdb[31454]: check pass; user unknown Nov 6 19:58:03 blue login[31454]: FAILED LOGIN 1 FROM X.dsl.lsan03.pacbell.net FOR alok, User not known to the underlying authentication module Nov 6 19:58:05 blue PAM_pwdb[31454]: check pass; user unknown Nov 6 19:58:06 blue login[31454]: FAILED LOGIN 2 FROM X.dsl.lsan03.pacbell.net FOR demo, User not known to the underlying authentication module Nov 6 19:58:08 blue PAM_pwdb[31454]: check pass; user unknown Nov 6 19:58:09 blue login[31454]: FAILED LOGIN 3 FROM X.dsl.lsan03.pacbell.net FOR isel, User not known to the underlying authentication module Nov 6 19:58:11 blue PAM_pwdb[31454]: check pass; user unknown Nov 6 19:58:12 blue login[31454]: FAILED LOGIN SESSION FROM X.lsan03.pacbell.net FOR hong, User not known to the underlying authentication module Nov 6 19:58:20 blue PAM_pwdb[31456]: check pass; user unknown Nov 6 19:58:21 blue login[31456]: FAILED LOGIN 1 FROM X.mw.mediaone.net FOR dawit, User not known to the underlying authentication module Nov 6 19:58:23 blue PAM_pwdb[31456]: check pass; user unknown Nov 6 19:58:24 blue login[31456]: FAILED LOGIN 2 FROM X.mw.mediaone.net FOR efram, User not known to the underlying authentication module Nov 6 19:58:26 blue PAM_pwdb[31456]: check pass; user unknown Nov 6 19:58:27 blue login[31456]: FAILED LOGIN 3 FROM X.mw.mediaone.net FOR daffy, User not known to the underlying authentication module Nov 6 19:58:30 blue PAM_pwdb[31456]: check pass; user unknown Nov 6 19:58:31 blue login[31456]: FAILED LOGIN SESSION FROM X.mw.mediaone.net FOR edsel, User not known to the underlying authentication module Nov 6 19:59:00 blue PAM_pwdb[31459]: check pass; user unknown Nov 6 19:59:01 blue login[31459]: FAILED LOGIN 1 FROM X.aps.pl FOR craig, User not known to the underlying authentication module Nov 6 19:59:07 blue PAM_pwdb[31459]: check pass; user unknown Nov 6 19:59:08 blue login[31459]: FAILED LOGIN 2 FROM X.aps.pl FOR darin, User not known to the underlying authentication module login attempts are about 10 mins apart from each site.. might i say, I've probably being hit by about 50-60 different IP's of course, I have killed telnetd & am replying on ssh. is this a worm/virus? or have i pissed someone off??? Any suggestions, help, comments welcome. Nick ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Nov 08 2001 - 17:35:05 PST