An SSH bruteforce attempt...

wetcat007

I run a personal Linux web server, with SSH logins set up, as well as a script I put together to drop all traffic from an IP after 30 failed SSH login attempts. Normally I get people trying a bunch of random usernames but generally not in the US, it's entertaining to see this happen actually...

Anyways I found one that happens to be Road Runner. Should I bother calling the abuse phone number and complaining or email...? It is another Unix/Linux box at that IP address so I'm guessing it's not a virus...

whois 66.65.x.x

OrgName: Road Runner HoldCo LLC
OrgID: RRNY
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
ReferralServer: rwhois://ipmt.rr.com:4321

NetRange: 66.65.0.0 - 66.65.255.255
CIDR: 66.65.0.0/16
NetName: RR-NYC-1BLK
NetHandle: NET-66-65-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-01-19
Updated: 2002-11-25

RTechHandle: ZS30-ARIN
RTechName: ServiceCo LLC
RTechPhone: +1-703-345-3416
RTechEmail: abuse@rr.com

OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: abuse@rr.com

OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: abuse@rr.com
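
A threshold script of the kind described in the post above, as an added example that is not part of the original thread or the poster's own script. It assumes OpenSSH's "Failed password" syslog format and iptables as the firewall; the function names, the allow-list and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 30  # failed attempts before an address is dropped (figure from the post)

# Anchored at end of line with a greedy username match, so the address captured
# is the one sshd appended, not one an attacker embedded in the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def failed_counts(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # not an IP literal; skip rather than guess
    return counts

def offenders(lines, threshold=THRESHOLD, allow=()):
    """Addresses at or over the threshold, minus an allow-list (avoids self-lockout)."""
    return {ip: n for ip, n in failed_counts(lines).items()
            if n >= threshold and ip not in allow}

def drop_rules(ips):
    """Render iptables commands as text; nothing is executed here."""
    return ["iptables -I INPUT -s %s -j DROP" % ip for ip in sorted(ips)]

def sample_log():
    """Constructed auth.log lines using documentation addresses, not real data."""
    fmt = "Jan 10 03:14:{:02d} web sshd[{}]: Failed password for {} from {} port {} ssh2"
    lines = [fmt.format(i, 4000 + i, "invalid user test%d" % i, "203.0.113.7", 40000 + i)
             for i in range(30)]
    lines += [fmt.format(i, 5000 + i, "root", "198.51.100.9", 50000 + i) for i in range(3)]
    # Username crafted to make a naive parser blame 192.0.2.1 instead of the real source
    lines.append(fmt.format(59, 6000, "invalid user x from 192.0.2.1 port 1 ssh2",
                            "198.51.100.9", 50010))
    lines.append("Jan 10 03:15:00 web sshd[6001]: Accepted publickey for admin "
                 "from 192.0.2.50 port 2222 ssh2")
    return lines

if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(sample_log()))))
```

The crafted-username line is counted against its real source address, so a remote client cannot use the username field to get a third party's address blocked.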
 

DaWhim

Originally posted by: her209
You really want to see your logs light up? Just run an FTP server.

Thanks for the heads up. I just checked my FTP log and saw someone tried to access it.
 

skace

Originally posted by: her209
You really want to see your logs light up? Just run an FTP server.

Is that based on the default port? Like an FTP server on 7777 is not going to get the same traffic as one on port 21 or 23 or whatever default is.
 

JImmyK

OMG! haha that's right across from my house. I drive by the Road Runner office to work every day.

I'm also in zip 20171.. small world dude...
 

Reel

Originally posted by: skace
Originally posted by: her209
You really want to see your logs light up? Just run an FTP server.

Is that based on the default port? Like an FTP server on 7777 is not going to get the same traffic as one on port 21 or 23 or whatever default is.

Correct. Most will be from script kiddies attempting to guess passwords on standard services on standard ports. Of course, someone more advanced would see the banner and/or login process of FTP on any port but who would really target a cable modem IP address in hopes of getting something useful?
 

ebaycj

Just change your SSH port to something other than 22. If you still get random login attempts, ignore them, as they probably have next to no chance of success (assuming that they are not brute forcing, since it's not the default port).
 

Goosemaster

Originally posted by: Roguestar
Originally posted by: wetcat007
Originally posted by: her209
You really want to see your logs light up? Just run an FTP server.

lol better yet an open relay mail server..

No, a TOR server :D.

Though most of those are pedos :(.

Those sons of bitches ruin everything... tainting everything they touch...