Code:
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (220.226.193.6 ): 3 Time(s)
---------------------- pam_unix End -------------------------
And also this caught my eye...
Code:
--------------------- SSHD Begin ------------------------
Failed logins from these:
root/password from 220.226.193.6: 3 Time(s)
**Unmatched Entries**
Illegal user test from 220.226.193.6
Illegal user guest from 220.226.193.6
Illegal user admin from 220.226.193.6
Illegal user admin from 220.226.193.6
Illegal user user from 220.226.193.6
Illegal user test from 220.226.193.6
---------------------- SSHD End -------------------------
I did a track on this IP and it's coming from Bombay, India... there was no registrant information but there was network info...
Code:
inetnum: 220.224.0.0 - 220.227.255.255
netname: RelianceInfocom
descr: Reliance Infocom Ltd.
country: IN
admin-c: JT125-AP
tech-c: RS78-AP
status: ALLOCATED PORTABLE
notify: relianceip_admin@ril.com
changed: hm-changed@apnic.net 20021216
mnt-by: APNIC-HM
mnt-lower: MAINT-IN-SN
changed: hm-changed@apnic.net 20040301
source: APNIC
route: 220.226.0.0/16
descr: Reliance Infocom Ltd Internet Data Centre
origin: AS18101
mnt-by: MAINT-IN-SN
changed: relianceip_admin@ril.com 20040608
source: APNIC
country: IN
person: Jyotindra Thacker
nic-hdl: JT125-AP
e-mail: jt@ril.com
address: 3rd Floor, Maker Chambers IV,
address: Nariman point, Mumbai-400021,
address: Maharashtra,
address: India
phone: +91-2-230382765
fax-no: +91-2-230382899
country: IN
changed: relianceip_admin@ril.com 20040105
mnt-by: MAINT-IN-SN
source: APNIC
person: Rajendar Singh
nic-hdl: RS78-AP
e-mail: rajendar_singh@ril.com
address: 3rd Floor, Maker Chambers IV,
address: Nariman point, Mumbai-400021,
address: Maharashtra,
address: India
phone: +91-2-230382790
fax-no: +91-2-230382799
country: IN
changed: relianceip_admin@ril.com 20040105
mnt-by: MAINT-IN-SN
source: APNIC
I'm wondering why they would attempt to secure shell into my PC... Anyhow, anyone know what I should do? I went ahead and stopped ssh and I'll probably go ahead and block this IP with iptables before I start up ssh again.
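As an added example (not part of the original post): a small Python tally of sshd log lines per source address, producing the kind of summary the report above shows and flagging sources that try many passwords or many usernames. The log lines are constructed (only the address and usernames mirror the report), and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd syslog lines; only the address and usernames mirror the report.
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[2101]: Illegal user test from 220.226.193.6
Jan 10 03:12:04 host sshd[2103]: Illegal user guest from 220.226.193.6
Jan 10 03:12:07 host sshd[2105]: Illegal user admin from 220.226.193.6
Jan 10 03:12:10 host sshd[2107]: Illegal user admin from 220.226.193.6
Jan 10 03:12:13 host sshd[2109]: Illegal user user from 220.226.193.6
Jan 10 03:12:16 host sshd[2111]: Illegal user test from 220.226.193.6
Jan 10 03:12:20 host sshd[2113]: Failed password for root from 220.226.193.6 port 40122 ssh2
Jan 10 03:12:23 host sshd[2115]: Failed password for root from 220.226.193.6 port 40130 ssh2
Jan 10 03:12:26 host sshd[2117]: Failed password for root from 220.226.193.6 port 40141 ssh2
Jan 10 09:30:02 host sshd[3001]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Jan 10 09:30:09 host sshd[3001]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
"""

# Older OpenSSH logs "Illegal user"; newer releases log "Invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+) port")
UNKNOWN = re.compile(r"sshd\[\d+\]: (?:Illegal|Invalid) user (\S+) from (\S+)")

def summarize(log_text):
    """Per source address: failed-password count and the set of usernames tried."""
    stats = defaultdict(lambda: {"failed": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            stats[m.group(2)]["failed"] += 1
            stats[m.group(2)]["users"].add(m.group(1))
            continue
        m = UNKNOWN.search(line)
        if m:  # the account does not exist on this host
            stats[m.group(2)]["users"].add(m.group(1))
    return dict(stats)

def suspicious_sources(stats, max_failed=3, max_users=3):
    """Sources at or above either threshold (threshold values are assumptions)."""
    return sorted(ip for ip, s in stats.items()
                  if s["failed"] >= max_failed or len(s["users"]) >= max_users)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in suspicious_sources(stats):
        s = stats[ip]
        print(f"{ip}: {s['failed']} failed passwords, users tried: {sorted(s['users'])}")
```

A single mistyped password followed by a successful login, as with the constructed `192.0.2.10` lines, stays below both thresholds and is not flagged.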