
An SSH Bruteforce attempt...

wetcat007

Diamond Member
I run a personal Linux web server, with SSH logins set up, as well as a script I put together to drop all traffic from an IP after 30 failed SSH login attempts. Normally I get people trying a bunch of random usernames, but generally not in the US. It's entertaining to see this happen, actually...

Anyways, I found one that happens to be Road Runner. Should I bother calling the abuse phone number and complaining, or email...? It is another Unix/Linux box at that IP address, so I'm guessing it's not a virus...

whois 66.65.x.x

OrgName: Road Runner HoldCo LLC
OrgID: RRNY
Address: 13241 Woodland Park Road
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
ReferralServer: rwhois://ipmt.rr.com:4321

NetRange: 66.65.0.0 - 66.65.255.255
CIDR: 66.65.0.0/16
NetName: RR-NYC-1BLK
NetHandle: NET-66-65-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.RR.COM
NameServer: DNS2.RR.COM
NameServer: DNS3.RR.COM
NameServer: DNS4.RR.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-01-19
Updated: 2002-11-25

RTechHandle: ZS30-ARIN
RTechName: ServiceCo LLC
RTechPhone: +1-703-345-3416
RTechEmail: abuse@rr.com

OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: abuse@rr.com

OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: abuse@rr.com
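
The threshold blocking described in the post above, as an added example (not wetcat007's script): it counts failed sshd password attempts per source address and produces firewall rules for review. The OpenSSH log line format, the use of iptables and the `allow` parameter are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 30  # failed attempts before an address is dropped, as in the post

# The user name is attacker-controlled text, so capture the LAST
# "from ADDR port N" on the line rather than the first one.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh\d*)?\s*$")

def failed_by_ip(lines):
    """Count failed password attempts per validated source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # not an IP address: never pass it on to the firewall
    return counts

def offenders(lines, threshold=THRESHOLD, allow=()):
    """Addresses at or over the threshold, skipping allowlisted ones."""
    return sorted(ip for ip, n in failed_by_ip(lines).items()
                  if n >= threshold and ip not in allow)

def drop_rules(ips):
    """iptables commands to review and apply; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

# Constructed sample log using documentation address ranges.
SAMPLE = (
    [f"Jan 10 03:12:{i:02d} web sshd[4321]: Failed password for invalid user "
     f"test{i} from 203.0.113.7 port {40000 + i} ssh2" for i in range(29)]
    # User name crafted to look like a different source address.
    + ["Jan 10 03:13:00 web sshd[4321]: Failed password for invalid user "
       "x from 192.0.2.10 port 22 ssh2 from 203.0.113.7 port 41000 ssh2"]
    + [f"Jan 10 08:00:0{i} web sshd[4400]: Failed password for root "
       f"from 198.51.100.9 port {50000 + i} ssh2" for i in range(3)]
    + ["Jan 10 08:05:00 web sshd[4410]: Accepted password for alice "
       "from 192.0.2.10 port 51000 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(SAMPLE))))
```

Passing your own address in `allow` keeps a run of mistyped passwords from locking you out of the server.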
 
Originally posted by: her209
You really want to see your logs light up? Just run an FTP server.

Thanks for the heads up. I just checked my FTP log and saw someone tried to access it.
 
Originally posted by: her209
You really want to see your logs light up? Just run an FTP server.

Is that based on the default port? Like an FTP server on 7777 is not going to get the same traffic as one on port 21 or 23 or whatever default is.
 
OMG! Haha, that's right across from my house. I drive by the Road Runner office to work every day.

I'm also in zip 20171... small world, dude...
 
Originally posted by: skace
Originally posted by: her209
You really want to see your logs light up? Just run an FTP server.

Is that based on the default port? Like an FTP server on 7777 is not going to get the same traffic as one on port 21 or 23 or whatever default is.

Correct. Most will be from script kiddies attempting to guess passwords on standard services on standard ports. Of course, someone more advanced would see the banner and/or login process of FTP on any port, but who would really target a cable modem IP address in hopes of getting something useful?
 
Just change your SSH port to something other than 22. If you still get random login attempts, ignore them, as they probably have next to no chance of success (assuming that they are not brute forcing, since it's not the default port).
 