Attempt to hack my PC
Hello list, I have just been able to confirm that someone has tried to
hack my PC right now.
I open /var/log/auth.log and copy you a random excerpt:
Sep 28 16:07:46 sshd[8756]: Invalid user carol from 63.255.80.139
Sep 28 16:07:46 sshd[8756]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:46 sshd[8756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net
Sep 28 16:07:47 sshd[8756]: Failed password for invalid user carol from 63.255.80.139 port 40403 ssh2
Sep 28 16:07:49 sshd[8758]: Invalid user cesar from 63.255.80.139
Sep 28 16:07:49 sshd[8758]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:49 bsshd[8758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net
Sep 28 16:07:51 sshd[8758]: Failed password for invalid user cesar from 63.255.80.139 port 40710 ssh2
Sep 28 16:07:53 sshd[8761]: Invalid user caesar from 63.255.80.139
Sep 28 16:07:53 sshd[8761]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:53 sshd[8761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net
Sep 28 16:07:55 sshd[8761]: Failed password for invalid user caesar from 63.255.80.139 port 41058 ssh2
Sep 28 16:07:58 sshd[8763]: Invalid user center from 63.255.80.139
Sep 28 16:07:58 sshd[8763]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:07:58 sshd[8763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net
Sep 28 16:07:59 sshd[8763]: Failed password for invalid user center from 63.255.80.139 port 41414 ssh2
Sep 28 16:08:01 sshd[8765]: Invalid user copy from 63.255.80.139
Sep 28 16:08:01 sshd[8765]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:08:01 sshd[8765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net
Sep 28 16:08:03 sshd[8765]: Failed password for invalid user copy from 63.255.80.139 port 41737 ssh2
Sep 28 16:08:05 sshd[8767]: Invalid user cindy from 63.255.80.139
Sep 28 16:08:05 sshd[8767]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:08:05 sshd[8767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net
Sep 28 16:08:07 sshd[8767]: Failed password for invalid user cindy from 63.255.80.139 port 42099 ssh2
Sep 28 16:08:10 sshd[8769]: Invalid user chenst from 63.255.80.139
Sep 28 16:08:10 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown
Sep 28 16:08:10 sshd[8769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63-255-80-139.ip.mcleodusa.net
The attacker was using a dictionary of names (as you can see: carlo,
cesar, caesar, center, copy, cindy... etc.) and I noticed when it had
reached the letter h.
I have stopped the ssh service.
Apparently he has used several IPs:
63.255.80.139
69.162.77.39
How could I get rid of him? Could I ban his IP from my PC?
I use Debian lenny.
Any ideas?
Thanks
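The pattern described in the message above, one address cycling through a dictionary of account names, can be picked out of auth.log mechanically. The following is an added example, not part of the original post: the sample lines are constructed in the excerpt's format with documentation-range addresses, and find_guessers, min_users and window are hypothetical names.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the excerpt's format (documentation-range addresses).
SAMPLE_LOG = """\
Sep 28 16:07:46 sshd[8756]: Invalid user carol from 203.0.113.10
Sep 28 16:07:47 sshd[8756]: Failed password for invalid user carol from 203.0.113.10 port 40403 ssh2
Sep 28 16:07:49 sshd[8758]: Invalid user cesar from 203.0.113.10
Sep 28 16:07:53 sshd[8761]: Invalid user caesar from 203.0.113.10
Sep 28 16:07:58 sshd[8763]: Invalid user center from 203.0.113.10
Sep 28 16:09:30 sshd[8801]: Invalid user jaun from 198.51.100.7
Sep 28 16:09:41 sshd[8803]: Accepted password for juan from 198.51.100.7 port 51514 ssh2
"""

# The username is attacker-controlled and may itself contain " from <ip>", so
# the pattern is anchored at the end of the line and the LAST " from " wins.
# The hostname field and a trailing " port N" (newer sshd) are optional.
INVALID_USER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?:\S+ )?sshd\[\d+\]: "
    r"Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?$"
)

def find_guessers(log_text, min_users=3, window=timedelta(minutes=5)):
    """Map each source address that tried >= min_users distinct nonexistent
    accounts inside one time window to the sorted names it tried."""
    events = defaultdict(list)  # ip -> [(timestamp, username)]
    for line in log_text.splitlines():
        m = INVALID_USER.match(line)
        if m:
            # syslog omits the year; 2000 is a placeholder leap year (assumption)
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window forward
            if len({u for _, u in seen[start:end + 1]}) >= min_users:
                flagged[ip] = sorted({u for _, u in seen})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_guessers(SAMPLE_LOG).items():
        print(ip, len(users), "invalid users:", ", ".join(users))
```

The addresses it returns are the candidates for a firewall drop rule; the single mistyped login from 198.51.100.7 stays below the threshold and is not flagged.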