Peru Knocks on My Firewall

Thursday, 2 April 2009 at 13:47

It is always fascinating to watch the creative usernames that get tried when someone attempts to log in to an SSH server.


[...]
Apr 2 11:06:11 localhost sshd[7103]: Illegal user elke from 200.60.37.35
Apr 2 11:06:21 localhost sshd[7115]: Illegal user apache from 200.60.37.35
Apr 2 11:06:23 localhost sshd[7117]: Illegal user squid from 200.60.37.35
Apr 2 11:06:26 localhost sshd[7121]: Illegal user mailman from 200.60.37.35
Apr 2 11:06:28 localhost sshd[7123]: Illegal user stephane from 200.60.37.35
Apr 2 11:06:30 localhost sshd[7125]: Illegal user rabbit from 200.60.37.35
Apr 2 11:06:31 localhost sshd[7127]: Illegal user notes from 200.60.37.35
Apr 2 11:06:33 localhost sshd[7129]: Illegal user nick from 200.60.37.35
Apr 2 11:06:35 localhost sshd[7131]: Illegal user jesus from 200.60.37.35
Apr 2 11:06:37 localhost sshd[7133]: Illegal user paul from 200.60.37.35
Apr 2 11:06:39 localhost sshd[7135]: Illegal user penis from 200.60.37.35
Apr 2 11:06:40 localhost sshd[7137]: Illegal user temp from 200.60.37.35
Apr 2 11:06:42 localhost sshd[7139]: Illegal user bob from 200.60.37.35
Apr 2 11:06:44 localhost sshd[7141]: Illegal user software from 200.60.37.35
Apr 2 11:06:46 localhost sshd[7143]: Illegal user advanced from 200.60.37.35
Apr 2 11:06:47 localhost sshd[7145]: Illegal user american from 200.60.37.35
Apr 2 11:06:49 localhost sshd[7147]: Illegal user annmarie from 200.60.37.35
Apr 2 11:06:51 localhost sshd[7149]: Illegal user capital from 200.60.37.35
[...]

The poor soul in Peru is probably not even the originator of this nuisance; he probably has no idea what is going on on his machine, especially on port 31337.


Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2009-04-02 11:00 CEST
Interesting ports on ucspperu.info (200.60.37.35):
(The 1654 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
623/tcp open unknown
6667/tcp open irc
31337/tcp open Elite
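
As an added example that is not part of the original post: a small Python detector for the pattern in the sshd excerpt above, where one source tries many unknown usernames within seconds. The sample log lines, the threshold of 5 usernames per minute, the assumed year 2009 (syslog timestamps carry none) and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the excerpt above. Older OpenSSH logs
# "Illegal user", newer releases "Invalid user". IPs are documentation ranges.
SAMPLE_LOG = """\
Apr 2 11:06:11 localhost sshd[7103]: Illegal user alice from 192.0.2.10
Apr 2 11:06:13 localhost sshd[7105]: Illegal user backup from 192.0.2.10
Apr 2 11:06:15 localhost sshd[7107]: Illegal user test from 192.0.2.10
Apr 2 11:06:17 localhost sshd[7109]: Invalid user guest from 192.0.2.10
Apr 2 11:06:19 localhost sshd[7111]: Illegal user www from 192.0.2.10
Apr 2 11:20:00 localhost sshd[7200]: Illegal user carol from 198.51.100.7
Apr 2 11:50:00 localhost sshd[7301]: Accepted publickey for dave from 198.51.100.7 port 4242 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?P<ip>\S+)"
)

def parse(log_text, year=2009):
    """Yield (timestamp, user, ip) per unknown-user line; year is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def find_guessers(log_text, min_users=5, window=timedelta(minutes=1)):
    """Return {ip: usernames} for sources trying >= min_users names per window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse(log_text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if len({u for _, u in events[start:end + 1]}) >= min_users:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_guessers(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} unknown usernames tried: {', '.join(users)}")
```

Counting distinct usernames rather than raw failures keeps a legitimate user who mistypes one account name several times below the threshold.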