
intrusion via ssh



Hello,

Below is the content of two logcheck reports from this morning. They look
to me like (unsuccessful :) attempts to log in to my machine via
ssh.

Can someone tell me how I should respond in terms of
securing the machine, identification (commands) and enforcement (abuse)?


Log from 5:02:

Security Events
 =-=-=-=-=-=-=-=
 Mar 23 04:46:03 GDem3 sshd[11168]: Failed password for illegal user test from ::ffff:211.176.33.46 port 50152 ssh2
 Mar 23 04:46:06 GDem3 sshd[11174]: Failed password for illegal user guest from ::ffff:211.176.33.46 port 50252 ssh2
 Mar 23 04:46:08 GDem3 sshd[11176]: Illegal user admin from ::ffff:211.176.33.46
 Mar 23 04:46:08 GDem3 sshd[11176]: Failed password for illegal user admin from ::ffff:211.176.33.46 port 50344 ssh2
 Mar 23 04:46:11 GDem3 sshd[11182]: Illegal user admin from ::ffff:211.176.33.46
 Mar 23 04:46:11 GDem3 sshd[11182]: Failed password for illegal user admin from ::ffff:211.176.33.46 port 50439 ssh2
 Mar 23 04:46:14 GDem3 sshd[11184]: Failed password for illegal user user from ::ffff:211.176.33.46 port 50526 ssh2
 Mar 23 04:46:17 GDem3 sshd[11190]: Failed password for root from ::ffff:211.176.33.46 port 50618 ssh2
 Mar 23 04:46:20 GDem3 sshd[11192]: Failed password for root from ::ffff:211.176.33.46 port 50711 ssh2
 Mar 23 04:46:23 GDem3 sshd[11199]: Failed password for root from ::ffff:211.176.33.46 port 50797 ssh2
 Mar 23 04:46:26 GDem3 sshd[11201]: Failed password for illegal user test from ::ffff:211.176.33.46 port 50890 ssh2

 System Events
 =-=-=-=-=-=-=
 Mar 23 04:46:03 GDem3 sshd[11168]: Illegal user test from ::ffff:211.176.33.46
 Mar 23 04:46:03 GDem3 sshd[11168]: error: Could not get shadow information for NOUSER
 Mar 23 04:46:06 GDem3 sshd[11174]: Illegal user guest from ::ffff:211.176.33.46
 Mar 23 04:46:06 GDem3 sshd[11174]: error: Could not get shadow information for NOUSER
 Mar 23 04:46:08 GDem3 sshd[11176]: error: Could not get shadow information for NOUSER
 Mar 23 04:46:11 GDem3 sshd[11182]: error: Could not get shadow information for NOUSER
 Mar 23 04:46:14 GDem3 sshd[11184]: Illegal user user from ::ffff:211.176.33.46
 Mar 23 04:46:14 GDem3 sshd[11184]: error: Could not get shadow information for NOUSER
 Mar 23 04:46:26 GDem3 sshd[11201]: Illegal user test from ::ffff:211.176.33.46
 Mar 23 04:46:26 GDem3 sshd[11201]: error: Could not get shadow information for NOUSER



Log from 10:02:

Security Events
 =-=-=-=-=-=-=-=
 Mar 23 09:11:39 GDem3 sshd[27590]: Failed password for root from ::ffff:62.193.236.45 port 45567 ssh2
 Mar 23 09:11:40 GDem3 sshd[27592]: Failed password for root from ::ffff:62.193.236.45 port 45687 ssh2
 Mar 23 09:11:41 GDem3 sshd[27594]: Failed password for root from ::ffff:62.193.236.45 port 45769 ssh2
 Mar 23 09:11:42 GDem3 sshd[27596]: Failed password for root from ::ffff:62.193.236.45 port 45851 ssh2
 Mar 23 09:11:42 GDem3 sshd[27598]: Failed password for root from ::ffff:62.193.236.45 port 45936 ssh2
 Mar 23 09:11:43 GDem3 sshd[27600]: Failed password for root from ::ffff:62.193.236.45 port 46006 ssh2
 Mar 23 09:11:44 GDem3 sshd[27602]: Failed password for root from ::ffff:62.193.236.45 port 46076 ssh2
 Mar 23 09:11:44 GDem3 sshd[27608]: Failed password for root from ::ffff:62.193.236.45 port 46156 ssh2


GD
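
Added example, not part of the original message: a small Python summarizer for the identification step, which groups "Failed password" entries like the ones above by source address and separates existing accounts from unknown ones. The function name, the threshold of 3 attempts and the placeholder year are assumptions of this example; the sample entries are copied from the excerpts above.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address

# Entries copied from the excerpts in the message above, rejoined one per line.
SAMPLE = """\
Mar 23 04:46:03 GDem3 sshd[11168]: Failed password for illegal user test from ::ffff:211.176.33.46 port 50152 ssh2
Mar 23 04:46:03 GDem3 sshd[11168]: error: Could not get shadow information for NOUSER
Mar 23 04:46:06 GDem3 sshd[11174]: Failed password for illegal user guest from ::ffff:211.176.33.46 port 50252 ssh2
Mar 23 04:46:17 GDem3 sshd[11190]: Failed password for root from ::ffff:211.176.33.46 port 50618 ssh2
Mar 23 09:11:39 GDem3 sshd[27590]: Failed password for root from ::ffff:62.193.236.45 port 45567 ssh2
Mar 23 09:11:40 GDem3 sshd[27592]: Failed password for root from ::ffff:62.193.236.45 port 45687 ssh2
Mar 23 09:11:41 GDem3 sshd[27594]: Failed password for root from ::ffff:62.193.236.45 port 45769 ssh2
"""

# "illegal user" is the wording in these logs; newer OpenSSH writes "invalid user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"((?:illegal|invalid) user )?(\S+) from (\S+) port \d+")

def summarize(log_text, threshold=3, year=2000):
    """Group failed sshd password attempts by source address.

    threshold and year are assumptions of this example: syslog lines carry
    no year, so one is supplied only to compute time spans.
    """
    seen = defaultdict(lambda: {"attempts": 0, "existing": set(), "unknown": set(), "times": []})
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if not m:
            continue  # not a failed-password entry
        stamp, unknown, user, src = m.groups()
        addr = ip_address(src)
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped  # ::ffff:a.b.c.d -> a.b.c.d
        s = seen[str(addr)]
        s["attempts"] += 1
        s["unknown" if unknown else "existing"].add(user)
        s["times"].append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    report = {}
    for src, s in seen.items():
        if s["attempts"] >= threshold:
            span = (max(s["times"]) - min(s["times"])).total_seconds()
            report[src] = {"attempts": s["attempts"], "existing": sorted(s["existing"]),
                           "unknown": sorted(s["unknown"]), "span_seconds": span}
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

The per-source attempt count, account names and time span are the details an abuse report to the source network's operator would normally quote alongside the raw log lines.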


