LogWatch +++IMPORTANT+++
Posted: Sat Aug 14, 2004 12:06 pm
I was reading through my daily LogWatch email for my server and this caught my eye...
Code:
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (220.226.193.6 ): 3 Time(s)
---------------------- pam_unix End -------------------------
And also this caught my eye...
Code:
--------------------- SSHD Begin ------------------------
Failed logins from these:
root/password from 220.226.193.6: 3 Time(s)
**Unmatched Entries**
Illegal user test from 220.226.193.6
Illegal user guest from 220.226.193.6
Illegal user admin from 220.226.193.6
Illegal user admin from 220.226.193.6
Illegal user user from 220.226.193.6
Illegal user test from 220.226.193.6
---------------------- SSHD End -------------------------
I did a track on this IP and it's coming from Bombay, India... there was no registrant information but there was network info...
Code:
inetnum: 220.224.0.0 - 220.227.255.255
netname: RelianceInfocom
descr: Reliance Infocom Ltd.
country: IN
admin-c: JT125-AP
tech-c: RS78-AP
status: ALLOCATED PORTABLE
notify: relianceip_admin@ril.com
changed: hm-changed@apnic.net 20021216
mnt-by: APNIC-HM
mnt-lower: MAINT-IN-SN
changed: hm-changed@apnic.net 20040301
source: APNIC
route: 220.226.0.0/16
descr: Reliance Infocom Ltd Internet Data Centre
origin: AS18101
mnt-by: MAINT-IN-SN
changed: relianceip_admin@ril.com 20040608
source: APNIC
country: IN
person: Jyotindra Thacker
nic-hdl: JT125-AP
e-mail: jt@ril.com
address: 3rd Floor, Maker Chambers IV,
address: Nariman point, Mumbai-400021,
address: Maharashtra,
address: India
phone: +91-2-230382765
fax-no: +91-2-230382899
country: IN
changed: relianceip_admin@ril.com 20040105
mnt-by: MAINT-IN-SN
source: APNIC
person: Rajendar Singh
nic-hdl: RS78-AP
e-mail: rajendar_singh@ril.com
address: 3rd Floor, Maker Chambers IV,
address: Nariman point, Mumbai-400021,
address: Maharashtra,
address: India
phone: +91-2-230382790
fax-no: +91-2-230382799
country: IN
changed: relianceip_admin@ril.com 20040105
mnt-by: MAINT-IN-SN
source: APNIC
I'm wondering why they would attempt to secure shell into my PC... Anyhow, does anyone know what I should do? I went ahead and stopped ssh, and I'll probably go ahead and block this IP with iptables before I start up ssh again.
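
An added example, not part of the original post: a small Python script that tallies sshd authentication failures per source address, as LogWatch does in the report above, and renders an iptables rule for addresses that look like password guessing. The log lines are constructed in classic syslog sshd format, and the function names, thresholds and allow list are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in classic syslog sshd format (not taken from the poster's server).
SAMPLE_LOG = """\
Aug 14 03:12:01 box sshd[2101]: Illegal user test from 220.226.193.6
Aug 14 03:12:03 box sshd[2101]: Failed password for illegal user test from 220.226.193.6 port 4301 ssh2
Aug 14 03:12:06 box sshd[2104]: Illegal user guest from 220.226.193.6
Aug 14 03:12:08 box sshd[2104]: Failed password for illegal user guest from 220.226.193.6 port 4305 ssh2
Aug 14 03:12:16 box sshd[2110]: Failed password for root from 220.226.193.6 port 4313 ssh2
Aug 14 03:12:19 box sshd[2113]: Failed password for root from 220.226.193.6 port 4317 ssh2
Aug 14 09:30:44 box sshd[2290]: Failed password for alice from 192.0.2.10 port 51022 ssh2
Aug 14 09:30:52 box sshd[2290]: Accepted password for alice from 192.0.2.10 port 51022 ssh2
"""

# The user name is remote-controlled text, so the address is anchored to the end of the line.
TAIL = r" from (\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?(?: ssh2)?$"
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(.+)" + TAIL)
UNKNOWN = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (.+)" + TAIL)

def summarize(log_text):
    """Return {ip: {"failures": int, "users": set}} for sshd auth failures."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip()) or UNKNOWN.search(line.rstrip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue  # malformed address, skip the line
        stats[ip]["users"].add(m.group(1))
        stats[ip]["failures"] += m.re is FAILED  # only password failures are counted
    return dict(stats)

def block_candidates(stats, max_failures=5, max_users=3, allow=()):
    """IPs with many failures or many distinct user names, minus an allow list."""
    return sorted(ip for ip, s in stats.items() if ip not in allow
                  and (s["failures"] >= max_failures or len(s["users"]) >= max_users))

def iptables_rules(ips):
    """Render (do not run) one DROP rule per address for TCP port 22."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(block_candidates(summarize(SAMPLE_LOG))):
        print(rule)
```

The single mistyped password from 192.0.2.10 stays below both thresholds, while the address that cycled through test, guest and root is flagged on the distinct-user count alone.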