Massassi Forums Logo

This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

You can also download Super Old Archived Message Boards from when Massassi first started.

"View" counts are as of the day the forums were archived, and will no longer increase.

ForumsDiscussion Forum → So I figured out what all the outgoing traffic on my server was...
So I figured out what all the outgoing traffic on my server was...
2005-01-10, 4:27 PM #1
Not web, since I have virtually no content yet. Not FTP, only a few files. It's been...denied SSH requests!

Oh, and this is from TODAY.

Quote:
Jan 10 04:08:35 [sshd] Did not receive identification string from 217.22.52.34
Jan 10 04:16:11 [sshd] Invalid user slapme from 217.22.52.34
Jan 10 04:16:11 [sshd] Did not receive identification string from 69.44.152.231
Jan 10 04:16:15 [sshd] Invalid user oracle from 217.22.52.34
Jan 10 04:16:16 [sshd] Invalid user www from 217.22.52.34
Jan 10 04:16:17 [sshd] Invalid user master from 217.22.52.34
Jan 10 04:16:19 [sshd] Invalid user info from 217.22.52.34
Jan 10 04:16:25 [sshd] Invalid user backup from 217.22.52.34
Jan 10 04:16:26 [sshd] Invalid user computer from 217.22.52.34
Jan 10 04:16:30 [sshd] Invalid user webmaster from 217.22.52.34
Jan 10 04:16:31 [sshd] Invalid user info from 217.22.52.34
Jan 10 04:16:39 [sshd] Invalid user webmaster from 217.22.52.34
Jan 10 04:17:02 [sshd] Invalid user jack from 217.22.52.34
- Last output repeated twice -
Jan 10 04:17:04 [sshd] Invalid user student from 217.22.52.34
Jan 10 04:17:08 [sshd] Invalid user user from 217.22.52.34
Jan 10 04:17:13 [sshd] Invalid user alex from 217.22.52.34
- Last output repeated twice -
Jan 10 04:17:18 [sshd] Invalid user paul from 217.22.52.34
- Last output repeated twice -
Jan 10 04:17:22 [sshd] Invalid user valentin from 217.22.52.34
Jan 10 04:17:26 [sshd] Invalid user love from 217.22.52.34
Jan 10 04:17:30 [sshd] Invalid user access from 217.22.52.34
Jan 10 04:17:31 [sshd] Invalid user game from 217.22.52.34
Jan 10 04:17:32 [sshd] Invalid user sex from 217.22.52.34
Jan 10 04:17:33 [sshd] Invalid user web from 217.22.52.34
Jan 10 04:17:34 [sshd] Invalid user url from 217.22.52.34
Jan 10 04:17:38 [sshd] Invalid user user from 217.22.52.34
Jan 10 04:17:39 [sshd] Invalid user run from 217.22.52.34
Jan 10 04:17:40 [sshd] Invalid user check from 217.22.52.34
Jan 10 04:17:41 [sshd] Invalid user server from 217.22.52.34
Jan 10 04:17:42 [sshd] Invalid user evil from 217.22.52.34
Jan 10 04:17:43 [sshd] Invalid user turbo from 217.22.52.34
Jan 10 04:17:47 [sshd] Invalid user player from 217.22.52.34
- Last output repeated twice -
Jan 10 04:17:51 [sshd] Invalid user abc from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:17:57 [sshd] Invalid user linux from 217.22.52.34
- Last output repeated twice -
Jan 10 04:18:02 [sshd] Invalid user power from 217.22.52.34
- Last output repeated twice -
Jan 10 04:18:07 [sshd] Invalid user mimi from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:18:16 [sshd] Invalid user compaq from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:18:19 [sshd] Invalid user shop from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:18:37 [sshd] Invalid user captain from 217.22.52.34
Jan 10 04:18:38 [sshd] Invalid user robert from 217.22.52.34
Jan 10 04:18:39 [sshd] Invalid user nelson from 217.22.52.34
Jan 10 04:18:40 [sshd] Invalid user robert from 217.22.52.34
Jan 10 04:18:41 [sshd] Invalid user nelson from 217.22.52.34
Jan 10 04:18:47 [sshd] Invalid user robert from 217.22.52.34
Jan 10 04:18:48 [sshd] Invalid user nelson from 217.22.52.34
Jan 10 04:18:49 [sshd] Invalid user james from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:18:53 [sshd] Invalid user xxx from 217.22.52.34
Jan 10 04:19:01 [sshd] Invalid user temp from 217.22.52.34
Jan 10 04:19:02 [sshd] Invalid user dan from 217.22.52.34
Jan 10 04:19:03 [sshd] Invalid user fred from 217.22.52.34
Jan 10 04:19:04 [sshd] Invalid user bill from 217.22.52.34
Jan 10 04:19:05 [sshd] Invalid user paul from 217.22.52.34
Jan 10 04:19:06 [sshd] Invalid user dan from 217.22.52.34
Jan 10 04:19:07 [sshd] Invalid user fred from 217.22.52.34
Jan 10 04:19:08 [sshd] Invalid user bill from 217.22.52.34
Jan 10 04:19:09 [sshd] Invalid user paul from 217.22.52.34
Jan 10 04:19:10 [sshd] Invalid user dan from 217.22.52.34
Jan 10 04:19:15 [sshd] Invalid user fred from 217.22.52.34
Jan 10 04:19:16 [sshd] Invalid user bill from 217.22.52.34
Jan 10 04:19:18 [sshd] Invalid user paul from 217.22.52.34
Jan 10 04:19:18 [sshd] Invalid user dan from 217.22.52.34
Jan 10 04:19:22 [sshd] Invalid user fred from 217.22.52.34
Jan 10 04:19:23 [sshd] Invalid user bill from 217.22.52.34
Jan 10 04:19:24 [sshd] Invalid user paul from 217.22.52.34
Jan 10 04:19:25 [sshd] Invalid user dan from 217.22.52.34
Jan 10 04:19:26 [sshd] Invalid user fred from 217.22.52.34
Jan 10 04:19:27 [sshd] Invalid user bill from 217.22.52.34
Jan 10 04:19:28 [sshd] Invalid user paul from 217.22.52.34
Jan 10 04:19:32 [sshd] Invalid user dan from 217.22.52.34
Jan 10 04:19:33 [sshd] Invalid user fred from 217.22.52.34
Jan 10 04:19:34 [sshd] Invalid user bill from 217.22.52.34
Jan 10 04:19:35 [sshd] Invalid user paul from 217.22.52.34
Jan 10 04:19:36 [sshd] Invalid user fun from 217.22.52.34
Jan 10 04:19:37 [sshd] Invalid user file from 217.22.52.34
Jan 10 04:19:38 [sshd] Invalid user america from 217.22.52.34
Jan 10 04:19:39 [sshd] Invalid user usa from 217.22.52.34
Jan 10 04:19:40 [sshd] Invalid user emil from 217.22.52.34
Jan 10 04:19:41 [sshd] Invalid user snake from 217.22.52.34
Jan 10 04:19:42 [sshd] Invalid user time from 217.22.52.34
Jan 10 04:19:43 [sshd] Invalid user carmen from 217.22.52.34
Jan 10 04:19:44 [sshd] Invalid user doctor from 217.22.52.34
Jan 10 04:19:46 [sshd] Invalid user server from 217.22.52.34
Jan 10 04:19:47 [sshd] Invalid user data from 217.22.52.34
Jan 10 04:19:48 [sshd] Invalid user frank from 217.22.52.34
Jan 10 04:19:49 [sshd] Invalid user kevin from 217.22.52.34
Jan 10 04:19:50 [sshd] Invalid user tamara from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:19:54 [sshd] Invalid user jack from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:19:59 [sshd] Invalid user love from 217.22.52.34
- Last output repeated 6 times -
Jan 10 04:20:07 [sshd] Invalid user kid from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:20:10 [sshd] Invalid user sport from 217.22.52.34
Jan 10 04:20:14 [sshd] Invalid user sports from 217.22.52.34
Jan 10 04:20:18 [sshd] Invalid user run from 217.22.52.34
Jan 10 04:20:19 [sshd] Invalid user slow from 217.22.52.34
Jan 10 04:20:20 [sshd] Invalid user thc from 217.22.52.34
Jan 10 04:20:21 [sshd] Invalid user nasa from 217.22.52.34
Jan 10 04:20:22 [sshd] Invalid user mark from 217.22.52.34
- Last output repeated 4 times -
Jan 10 04:20:30 [sshd] Invalid user wolf from 217.22.52.34
Jan 10 04:20:31 [sshd] Invalid user dog from 217.22.52.34
Jan 10 04:20:32 [sshd] Invalid user cat from 217.22.52.34
Jan 10 04:20:33 [sshd] Invalid user tom from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:20:38 [sshd] Invalid user karla from 217.22.52.34
Jan 10 04:20:39 [sshd] Invalid user king from 217.22.52.34
Jan 10 04:20:39 [sshd] Invalid user linux from 217.22.52.34
Jan 10 04:22:14 [sshd] Invalid user backup from 217.22.52.34
- Last output repeated 4 times -
Jan 10 04:22:25 [sshd] Invalid user sybase from 217.22.52.34
- Last output repeated 4 times -
Jan 10 04:22:30 [sshd] Invalid user www from 217.22.52.34
- Last output repeated 5 times -
Jan 10 04:22:36 [sshd] Invalid user oracle from 217.22.52.34
- Last output repeated 6 times -
Jan 10 04:22:57 [sshd] Invalid user joel from 217.22.52.34
- Last output repeated 4 times -
Jan 10 04:23:07 [sshd] Invalid user john from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:23:11 [sshd] Invalid user pamela from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:23:18 [sshd] Invalid user frank from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:23:27 [sshd] Invalid user admin from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:23:33 [sshd] Invalid user web from 217.22.52.34
- Last output repeated twice -
Jan 10 04:23:35 [sshd] Invalid user patrick from 69.44.152.231
- Last output repeated twice -
Jan 10 04:23:36 [sshd] Invalid user web from 217.22.52.34
Jan 10 04:23:37 [sshd] Invalid user rolo from 69.44.152.231
Jan 10 04:23:37 [sshd] Invalid user web from 217.22.52.34
Jan 10 04:23:37 [sshd] Invalid user iceuser from 69.44.152.231
Jan 10 04:23:37 [sshd] Invalid user horde from 69.44.152.231
Jan 10 04:23:37 [sshd] Invalid user web from 217.22.52.34
Jan 10 04:23:38 [sshd] Invalid user www from 69.44.152.231
Jan 10 04:23:38 [sshd] Invalid user wwwrun from 69.44.152.231
Jan 10 04:23:38 [sshd] Invalid user web from 217.22.52.34
Jan 10 04:23:38 [sshd] Invalid user test from 69.44.152.231
- Last output repeated 3 times -
Jan 10 04:23:39 [sshd] Invalid user www-data from 217.22.52.34
Jan 10 04:23:39 [sshd] Invalid user www-data from 69.44.152.231
Jan 10 04:23:40 [sshd] Invalid user www-data from 217.22.52.34
Jan 10 04:23:41 [sshd] Invalid user irc from 69.44.152.231
Jan 10 04:23:41 [sshd] Invalid user www-data from 217.22.52.34
Jan 10 04:23:41 [sshd] Invalid user irc from 69.44.152.231
Jan 10 04:23:42 [sshd] Invalid user adam from 217.22.52.34
Jan 10 04:23:42 [sshd] Invalid user jane from 69.44.152.231
Jan 10 04:23:43 [sshd] Invalid user pamela from 69.44.152.231
Jan 10 04:23:43 [sshd] Invalid user adam from 217.22.52.34
- Last output repeated twice -
Jan 10 04:23:45 [sshd] Invalid user cosmin from 69.44.152.231
Jan 10 04:23:45 [sshd] Invalid user adam from 217.22.52.34
- Last output repeated twice -
Jan 10 04:23:47 [sshd] Invalid user administrator from 217.22.52.34
Jan 10 04:23:48 [sshd] Invalid user irc from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:23:56 [sshd] Invalid user master from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:23:59 [sshd] Invalid user info from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:24:02 [sshd] Invalid user amanda from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:24:05 [sshd] Invalid user cip52 from 69.44.152.231
Jan 10 04:24:06 [sshd] Invalid user cip51 from 69.44.152.231
Jan 10 04:24:06 [sshd] Invalid user noc from 69.44.152.231
Jan 10 04:24:08 [sshd] Invalid user webmaster from 69.44.152.231
Jan 10 04:24:08 [sshd] Invalid user data from 69.44.152.231
Jan 10 04:24:08 [sshd] Invalid user user from 69.44.152.231
- Last output repeated 2 times -
Jan 10 04:24:09 [sshd] Invalid user web from 69.44.152.231
- Last output repeated twice -
Jan 10 04:24:09 [sshd] Invalid user jonathan from 217.22.52.34
Jan 10 04:24:09 [sshd] Invalid user oracle from 69.44.152.231
Jan 10 04:24:10 [sshd] Invalid user sybase from 69.44.152.231
Jan 10 04:24:10 [sshd] Invalid user master from 69.44.152.231
Jan 10 04:24:10 [sshd] Invalid user jonathan from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:24:13 [sshd] Invalid user account from 69.44.152.231
Jan 10 04:24:13 [sshd] Invalid user backup from 69.44.152.231
Jan 10 04:24:14 [sshd] Invalid user nick from 217.22.52.34
Jan 10 04:24:14 [sshd] Invalid user server from 69.44.152.231
Jan 10 04:24:14 [sshd] Invalid user nick from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:24:17 [sshd] Invalid user adam from 69.44.152.231
Jan 10 04:24:17 [sshd] Invalid user alan from 69.44.152.231
Jan 10 04:24:17 [sshd] Invalid user nate from 217.22.52.34
Jan 10 04:24:17 [sshd] Invalid user frank from 69.44.152.231
Jan 10 04:24:18 [sshd] Invalid user george from 69.44.152.231
Jan 10 04:24:18 [sshd] Invalid user henry from 69.44.152.231
Jan 10 04:24:18 [sshd] Invalid user nate from 217.22.52.34
Jan 10 04:24:18 [sshd] Invalid user john from 69.44.152.231
Jan 10 04:24:19 [sshd] Invalid user nate from 217.22.52.34
Jan 10 04:24:20 [sshd] Invalid user test from 69.44.152.231
Jan 10 04:24:20 [sshd] Invalid user nate from 217.22.52.34
Jan 10 04:24:21 [sshd] Invalid user love from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:24:31 [sshd] Invalid user gpm from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:24:34 [sshd] Invalid user jesus from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:24:41 [sshd] Invalid user god from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:24:47 [sshd] Invalid user biology from 217.22.52.34
- Last output repeated 4 times -
Jan 10 04:24:55 [sshd] Invalid user sex from 217.22.52.34
Jan 10 04:24:56 [sshd] Invalid user kill from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:24:59 [sshd] Invalid user ftpusers from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:25:06 [sshd] Invalid user data from 217.22.52.34
- Last output repeated 4 times -
Jan 10 04:25:11 [sshd] Invalid user database from 217.22.52.34
- Last output repeated 2 times -
Jan 10 04:25:17 [sshd] Invalid user sql from 217.22.52.34
- Last output repeated 3 times -
Jan 10 04:25:55 [sshd] Invalid user r from 217.22.52.34
Jan 10 06:30:44 [sshd] Did not receive identification string from 69.72.130.178
Jan 10 16:00:58 [sshd] Did not receive identification string from 67.18.31.162
Jan 10 16:08:04 [sshd] Invalid user test from 67.18.31.162
Jan 10 16:08:04 [sshd] reverse mapping checking getaddrinfo for 162.67-18-31.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 10 16:08:06 [sshd] User guest not allowed because shell /dev/null is not executable
Jan 10 16:08:09 [sshd] Invalid user admin from 67.18.31.162
Jan 10 16:08:09 [sshd] reverse mapping checking getaddrinfo for 162.67-18-31.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 10 16:08:10 [sshd] Invalid user admin from 67.18.31.162
Jan 10 16:08:10 [sshd] Invalid user user from 67.18.31.162
Jan 10 16:08:10 [sshd] reverse mapping checking getaddrinfo for 162.67-18-31.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
- Last output repeated 4 times -
Jan 10 16:08:12 [sshd] Invalid user test from 67.18.31.162
Jan 10 16:08:12 [sshd] reverse mapping checking getaddrinfo for 162.67-18-31.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
- Last output repeated twice -
Jan 10 16:17:54 [sshd] Did not receive identification string from 67.18.31.162
Jan 10 16:28:09 [sshd] Did not receive identification string from 69.93.222.178
Jan 10 16:35:17 [sshd] Invalid user test from 69.93.222.178
Jan 10 16:35:17 [sshd] reverse mapping checking getaddrinfo for 178.69-93-222.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 10 16:35:18 [sshd] User guest not allowed because shell /dev/null is not executable
Jan 10 16:35:18 [sshd] reverse mapping checking getaddrinfo for 178.69-93-222.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 10 16:35:18 [sshd] Invalid user admin from 69.93.222.178
Jan 10 16:35:18 [sshd] reverse mapping checking getaddrinfo for 178.69-93-222.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 10 16:35:19 [sshd] Invalid user admin from 69.93.222.178
Jan 10 16:35:19 [sshd] reverse mapping checking getaddrinfo for 178.69-93-222.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 10 16:35:22 [sshd] Invalid user user from 69.93.222.178
Jan 10 16:35:22 [sshd] reverse mapping checking getaddrinfo for 178.69-93-222.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
- Last output repeated 3 times -
Jan 10 16:35:24 [sshd] Invalid user test from 69.93.222.178
Jan 10 16:35:24 [sshd] reverse mapping checking getaddrinfo for 178.69-93-222.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 10 19:05:32 [sshd] Accepted keyboard-interactive/pam for matt from 129.21.106.41 port 1558 ssh2
Jan 10 19:05:32 [sshd] PAM pam_putenv: delete non-existent entry; DISPLAY
Jan 10 19:05:32 [sshd] PAM pam_putenv: delete non-existent entry; XAUTHORITY
Jan 10 19:09:40 [sshd] Accepted keyboard-interactive/pam for matt from 129.21.106.41 port 1566 ssh2
Jan 10 19:09:40 [sshd] PAM pam_putenv: delete non-existent entry; DISPLAY
Jan 10 19:09:40 [sshd] PAM pam_putenv: delete non-existent entry; XAUTHORITY
Jan 10 19:10:41 [sshd] PAM pam_putenv: delete non-existent entry; DISPLAY
Jan 10 19:10:41 [sshd] PAM pam_putenv: delete non-existent entry; XAUTHORITY
Jan 10 19:11:22 [sshd] PAM pam_putenv: delete non-existent entry; DISPLAY
Jan 10 19:11:22 [sshd] PAM pam_putenv: delete non-existent entry; XAUTHORITY
Jan 10 19:11:28 [sshd] Accepted keyboard-interactive/pam for root from 129.21.106.41 port 1569 ssh2
Jan 10 19:11:28 [sshd] PAM pam_putenv: delete non-existent entry; DISPLAY
Jan 10 19:11:28 [sshd] PAM pam_putenv: delete non-existent entry; XAUTHORITY
Jan 10 19:11:28 [sshd] PAM pam_putenv: delete non-existent entry; DISPLAY
Jan 10 19:11:28 [sshd] PAM pam_putenv: delete non-existent entry; XAUTHORITY
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2005-01-10, 4:32 PM #2
Script kiddies are so 1337.
2005-01-10, 4:34 PM #3
Anyone know how I'd setup iptables to only allow requests from within the campus? It would basically be *.rit.edu. I want to be able to access my server anywhere on campus but I'd like to keep the baddies out too. All the requests have been from the outside world, and I don't care about a few ********s on campus trying to get into my server.
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2005-01-10, 4:35 PM #4
I would like to state... the aformentioned "Bill" has no connection to myself.

Kill anyone that leeches your bandwidth, Emon, for they are deserving of such a fate.
>>untie shoes
2005-01-10, 4:42 PM #5
Emon: iptables tutorials, short, lengthy.
And when the moment is right, I'm gonna fly a kite.
2005-01-10, 4:51 PM #6
Wow, Emon. You sure have many loyal friends out there! :p
Frozen in the past by ICARUS
2005-01-10, 5:10 PM #7
Thanks GBK, but I figured it out. 129.21.0.0/255.255.0.0 is the proper mask to allow only LAN traffic. Or 129.21.0.0/16 I think? It's been too long.
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2005-01-11, 8:22 AM #8
Don't permit password log-in and use ssh-keys. They are much more secure.
Sorry for the lousy German
2005-01-11, 3:25 PM #9
but don't you need to carry that key around with you on some form of media, i wouldn't mind using ssh key but the issue is i don't have any usb flashdrive and i used to have one but it died on me for some reason probably just abuse it was on my key chain, and another issue is... i'm in software engineering department and often we work eighter on windows machine, dell's ofc, bah, or sun blade 150's i believe and i'm not sure how the heck those sunblades would do w/ my usb never tested it yet but i don't know if they support flash usb sticks anyway.
Echoman: If I can create energy from stupidity, the world's power supply will never end...
2005-01-12, 5:33 AM #10
Burn it on CD.
Sorry for the lousy German
2005-01-12, 5:38 AM #11
Heeeeee

Jan 10 04:24:34 [sshd] Invalid user jesus from 217.22.52.34
Jan 10 04:24:41 [sshd] Invalid user god from 217.22.52.34
"The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt. " - Bertrand Russell
The Triumph of Stupidity in Mortals and Others 1931-1935

↑ Up to the top!