[Nottingham] sshd - POSSIBLE BREAK-IN ATTEMPT!
alan
alan at popey.com
Thu Jun 29 12:04:02 BST 2006
On Thu, Jun 29, 2006 at 11:50:00AM +0100, Martin wrote:
> I've seen many attempts on ssh but never noticed this before:
>
> Jun 29 11:46:28 - sshd[3990]: Failed password for invalid user angel
> from 71.16.200.56 port 43521 ssh2
> Jun 29 11:46:29 - sshd[3995]: Address 71.16.200.56 maps to
> uslec-71.16.200.56.cust.uslec.net, but this does not map back to the
> address - POSSIBLE BREAK-IN ATTEMPT!
>
>
> What's that variation?
> Where's ssh getting its mappings from?
>
It's IP spoofing as well as testing a random user by the look
of it.
Cheers,
Al.
More information about the Nottingham
mailing list