MORE SSH Hacking: heads-up

[Brian Fahrlander <brian fahrlander net>]

    From last night's LogWatch:
--------------------------------------------------------------------------

sshd:
   Invalid Users:
      Unknown Account: 7 Time(s)
   Unknown Entries:
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=johnstongrain.com  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=smms-mriley09d.chemistry.uq.edu.au  : 2 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=211.117.191.70  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=216.97.110.1  : 1 Time(s)
      authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser=
rhost=ccia-062-204-197-193.uned.es  : 1 Time(s)

su:
   Sessions Opened:
      brian(uid=500) -> root: 1 Time(s)

------------------------------------------------------------------------

    Ok, guys- what do we do with this?  Should we be writing down the
addresses from which these attempts were made? They're probably all
'stooge' addresses, I know, but it might help authorities to know what
other machines have been compromised...

    I'll go save the log somewhere...

------------------------------------------------------------------------


-- 
------------------------------------------------------------------------
Brian FahrlÃnder                  Christian, Conservative, and Technomad
Evansville, IN                                 http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part