Talk About Network

Google


Register and Login
Nick
Password
Register create new account Sign up is FREE and you can post replies, new topics, bookmark posts and more!
Recover lost password


Mac > Mac Comm > FTP Attack is n...
Latest [ Topics | Posts ] Archive Post A New Topic Post a Reply
<< Topic < Post Post 1 of 10 Topic 2931 of 3011
 Post > Topic >>

FTP Attack is now SSH as well

by Rob <rdemby@[EMAIL PROTECTED] > Apr 10, 2008 at 08:35 PM

Hi All,
Here is a partial listing from the secure log:


Apr 10 07:21:46 7300-G4 sshd[5778]: Invalid user ssh from 216.193.250.180
Apr 10 07:21:46 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user ssh.
Apr 10 07:21:46 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:21:46 7300-G4 sshd[5778]: Failed password for invalid user 
ssh from 216.193.250.180 ****t 33623 ssh2
Apr 10 07:21:49 7300-G4 sshd[5781]: Invalid user search from
216.193.250.180
Apr 10 07:21:50 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user search.
Apr 10 07:21:50 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:21:50 7300-G4 sshd[5781]: Failed password for invalid user 
search from 216.193.250.180 ****t 33901 ssh2
Apr 10 07:21:52 7300-G4 sshd[5783]: Invalid user sara from 216.193.250.180
Apr 10 07:21:52 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user sara.
Apr 10 07:21:52 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:21:52 7300-G4 sshd[5783]: Failed password for invalid user 
sara from 216.193.250.180 ****t 35141 ssh2
Apr 10 07:21:54 7300-G4 sshd[5785]: Invalid user robert from
216.193.250.180
Apr 10 07:21:54 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user robert.
Apr 10 07:21:54 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:21:54 7300-G4 sshd[5785]: Failed password for invalid user 
robert from 216.193.250.180 ****t 35431 ssh2
Apr 10 07:21:56 7300-G4 sshd[5787]: Invalid user richard from
216.193.250.180
Apr 10 07:21:56 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user richard.
Apr 10 07:21:56 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:21:56 7300-G4 sshd[5787]: Failed password for invalid user 
richard from 216.193.250.180 ****t 36361 ssh2
Apr 10 07:21:59 7300-G4 sshd[5790]: Invalid user party from
216.193.250.180
Apr 10 07:21:59 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user party.
Apr 10 07:21:59 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:21:59 7300-G4 sshd[5790]: Failed password for invalid user 
party from 216.193.250.180 ****t 36916 ssh2
Apr 10 07:22:01 7300-G4 sshd[5792]: Invalid user amanda from
216.193.250.180
Apr 10 07:22:01 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user amanda.
Apr 10 07:22:01 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:02 7300-G4 sshd[5792]: Failed password for invalid user 
amanda from 216.193.250.180 ****t 37867 ssh2
Apr 10 07:22:04 7300-G4 sshd[5794]: Invalid user rpm from 216.193.250.180
Apr 10 07:22:04 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user rpm.
Apr 10 07:22:04 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:05 7300-G4 sshd[5794]: Failed password for invalid user 
rpm from 216.193.250.180 ****t 38064 ssh2
Apr 10 07:22:09 7300-G4 sshd[5796]: Invalid user operator from
216.193.250.180
Apr 10 07:22:09 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user operator.
Apr 10 07:22:09 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:09 7300-G4 sshd[5796]: Failed password for invalid user 
operator from 216.193.250.180 ****t 38862 ssh2
Apr 10 07:22:12 7300-G4 sshd[5799]: Invalid user sgi from 216.193.250.180
Apr 10 07:22:12 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user sgi.
Apr 10 07:22:12 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:12 7300-G4 sshd[5799]: Failed password for invalid user 
sgi from 216.193.250.180 ****t 39796 ssh2
Apr 10 07:22:14 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user sshd.
Apr 10 07:22:14 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:14 7300-G4 sshd[5801]: Failed password for sshd from 
216.193.250.180 ****t 40032 ssh2
Apr 10 07:22:15 7300-G4 sshd[5804]: Invalid user users from
216.193.250.180
Apr 10 07:22:15 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user users.
Apr 10 07:22:15 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:15 7300-G4 sshd[5804]: Failed password for invalid user 
users from 216.193.250.180 ****t 40902 ssh2
Apr 10 07:22:17 7300-G4 sshd[5806]: Invalid user admins from
216.193.250.180
Apr 10 07:22:17 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user admins.
Apr 10 07:22:17 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:17 7300-G4 sshd[5806]: Failed password for invalid user 
admins from 216.193.250.180 ****t 41043 ssh2
Apr 10 07:22:19 7300-G4 sshd[5809]: Invalid user admins from
216.193.250.180
Apr 10 07:22:19 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user admins.
Apr 10 07:22:19 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:19 7300-G4 sshd[5809]: Failed password for invalid user 
admins from 216.193.250.180 ****t 41268 ssh2
Apr 10 07:22:20 7300-G4 sshd[5811]: Invalid user bin from 216.193.250.180
Apr 10 07:22:20 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user bin.
Apr 10 07:22:20 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:20 7300-G4 sshd[5811]: Failed password for invalid user 
bin from 216.193.250.180 ****t 42305 ssh2
Apr 10 07:22:22 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user daemon.
Apr 10 07:22:22 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:22 7300-G4 sshd[5813]: Failed password for daemon from 
216.193.250.180 ****t 42494 ssh2
Apr 10 07:22:24 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user lp.
Apr 10 07:22:24 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:24 7300-G4 sshd[5816]: Failed password for lp from 
216.193.250.180 ****t 43111 ssh2
Apr 10 07:22:26 7300-G4 sshd[5819]: Invalid user sync from 216.193.250.180
Apr 10 07:22:26 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user sync.
Apr 10 07:22:26 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:26 7300-G4 sshd[5819]: Failed password for invalid user 
sync from 216.193.250.180 ****t 43828 ssh2
Apr 10 07:22:28 7300-G4 sshd[5822]: Invalid user shutdown from
216.193.250.180
Apr 10 07:22:28 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user shutdown.
Apr 10 07:22:28 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:28 7300-G4 sshd[5822]: Failed password for invalid user 
shutdown from 216.193.250.180 ****t 43952 ssh2
Apr 10 07:22:30 7300-G4 sshd[5824]: Invalid user halt from 216.193.250.180
Apr 10 07:22:30 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user halt.
Apr 10 07:22:30 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:30 7300-G4 sshd[5824]: Failed password for invalid user 
halt from 216.193.250.180 ****t 44565 ssh2
Apr 10 07:22:31 7300-G4 sshd[5826]: Invalid user uucp from 216.193.250.180
Apr 10 07:22:31 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user uucp.
Apr 10 07:22:31 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:31 7300-G4 sshd[5826]: Failed password for invalid user 
uucp from 216.193.250.180 ****t 45331 ssh2
Apr 10 07:22:34 7300-G4 sshd[5828]: Invalid user smmsp from
216.193.250.180
Apr 10 07:22:34 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user smmsp.
Apr 10 07:22:34 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:34 7300-G4 sshd[5828]: Failed password for invalid user 
smmsp from 216.193.250.180 ****t 45628 ssh2
Apr 10 07:22:37 7300-G4 sshd[5830]: Invalid user dean from 216.193.250.180
Apr 10 07:22:37 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user dean.
Apr 10 07:22:37 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:38 7300-G4 sshd[5830]: Failed password for invalid user 
dean from 216.193.250.180 ****t 46870 ssh2
Apr 10 07:22:41 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user unknown.
Apr 10 07:22:41 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:42 7300-G4 sshd[5833]: Failed password for unknown from 
216.193.250.180 ****t 47668 ssh2
Apr 10 07:22:44 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user securityagent.
Apr 10 07:22:44 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:44 7300-G4 sshd[5838]: Failed password for securityagent 
from 216.193.250.180 ****t 48395 ssh2
Apr 10 07:22:47 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user tokend.
Apr 10 07:22:47 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:48 7300-G4 sshd[5841]: Failed password for tokend from 
216.193.250.180 ****t 49428 ssh2
Apr 10 07:22:50 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user windowserver.
Apr 10 07:22:50 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:50 7300-G4 sshd[5845]: Failed password for windowserver 
from 216.193.250.180 ****t 50236 ssh2
Apr 10 07:22:53 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user appowner.
Apr 10 07:22:53 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:22:54 7300-G4 sshd[5848]: Failed password for appowner from 
216.193.250.180 ****t 50661 ssh2
Apr 10 07:23:00 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user xgridagent.
Apr 10 07:23:00 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:23:00 7300-G4 sshd[5851]: Failed password for xgridagent from 
216.193.250.180 ****t 51694 ssh2
Apr 10 07:23:02 7300-G4 sshd[5855]: Invalid user agent from
216.193.250.180
Apr 10 07:23:02 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user agent.
Apr 10 07:23:02 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:23:02 7300-G4 sshd[5855]: Failed password for invalid user 
agent from 216.193.250.180 ****t 53011 ssh2
Apr 10 07:23:05 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user xgridcontroller.
Apr 10 07:23:05 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:23:05 7300-G4 sshd[5857]: Failed password for xgridcontroller 
from 216.193.250.180 ****t 53674 ssh2
Apr 10 07:23:08 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user jabber.
Apr 10 07:23:08 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:23:08 7300-G4 sshd[5860]: Failed password for jabber from 
216.193.250.180 ****t 54181 ssh2
Apr 10 07:23:18 7300-G4 com.apple.SecurityServer: authinternal failed 
to authenticate user amavisd.
Apr 10 07:23:18 7300-G4 com.apple.SecurityServer: Failed to authorize 
right system.login.tty by process /usr/sbin/sshd for authorization 
created by /usr/sbin/sshd.
Apr 10 07:23:19 7300-G4 sshd[5863]: Failed password for amavisd from 
216.193.250.180 ****t 54824 ssh2
Apr 10 09:10:45 7300-G4 com.apple.SecurityServer: authinternal 
authenticated user rwdemby (uid 505).

Am I correct in assuming that if I shut the VNC server down this type 
of attack will fail?
I am getting very worried as there have been numerous attempts from 
different IPs
ie; 199.243.199.50  164.77.41.251  200.74.172.194

The only ****ts that are open on my router are 22, 515, and 631
Is SSH vulnerable?

-- 
"Each one teach one"




 10 Posts in Topic:
FTP Attack is now SSH as well
 Rob <rdemby@[EMAIL PRO  2008-04-10 20:35:45 
Re: FTP Attack is now SSH as well
 Barry Margolin <barmar  2008-04-10 22:14:26 
Re: FTP Attack is now SSH as well
 Jerry Kindall <jerryki  2008-04-10 21:42:52 
Re: FTP Attack is now SSH as well
 Barry Margolin <barmar  2008-04-11 15:31:04 
Re: FTP Attack is now SSH as well
 Tom Stiller <tomstille  2008-04-11 16:45:24 
Re: FTP Attack is now SSH as well
 Bob Harris <nospam.New  2008-04-11 02:27:14 
Re: FTP Attack is now SSH as well
 Tom Stiller <tomstille  2008-04-10 23:59:35 
Re: FTP Attack is now SSH as well
 Fred McKenzie <fmmck@[  2008-04-11 15:29:56 
Re: FTP Attack is now SSH as well
 Barry Margolin <barmar  2008-04-11 17:09:19 
Re: FTP Attack is now SSH as well
 Kevin McMurtrie <mcmur  2008-04-11 23:29:07 

Post A Reply:
  Go here to Signup

AddThis Feed Button


About - Advertising - Contact - Frequently Asked Questions - Privacy Policy - Terms of Use - Signup
Contact
tan12V112 Thu Jul 24 1:29:56 CDT 2008.