[Zeffie-Users] (raq4) hack attempt

Thu Apr 21 12:43:47 EDT 2005

What kind of a firewall do you implement on your system?

Assuming my native RaQ4r running on
http://cdr.raq4less.com/RaQ4r-040317.iso, what would you use?

Best,

--
Arthur Sherman

ComPros Team
+972-52-4689432 

> -----Original Message-----
> From: Zeffie-Users-bounces at zeffie.net 
> [mailto:Zeffie-Users-bounces at zeffie.net] On Behalf Of Davis
> Sent: Thursday, April 21, 2005 7:40 AM
> To: Zeffie.net Users List
> Subject: Re: [Zeffie-Users] (raq4) hack attempt
> 
> I already blocked this script kidie... actually I blocked the 
> whole range on the firewall :
> 
> Looking up 221.242.57.202...
> Using whois server whois.arin.net.
> 
> OrgName:    Asia Pacific Network Information Centre
> OrgID:      APNIC
> Address:    PO Box 2131
> City:       Milton
> StateProv:  QLD
> PostalCode: 4064
> Country:    AU
> 
> ReferralServer: whois://whois.apnic.net
> 
> NetRange:   221.0.0.0 - 221.255.255.255
> 
> 
> ----- Original Message -----
> From: "Arthur Sherman" <cobalt-list at compros.co.il>
> To: "'Cobalt Users'" <cobalt-users at lists.qbalt.com>; "Zeffie-Users" 
> <Zeffie-Users at zeffie.net>
> Sent: Thursday, April 21, 2005 5:01 AM
> Subject: [Zeffie-Users] (raq4) hack attempt
> 
> 
> >
> > Hi,
> >
> > How are you doing?
> >
> >
> > I have mentioned this in auth log:
> >
> > ---start---
> > [root spamassassin]# tail -n 50 /var/log/auth
> > Apr 20 20:14:05 baby sshd[18765]: error: Could not get 
> shadow information
> > for NOUSER
> > Apr 20 20:14:05 baby sshd[18765]: Failed password for 
> illegal user backup
> > from 221.242.57.202 port 55826 ssh2
> > Apr 20 20:14:08 baby sshd[18767]: Illegal user server from 
> 221.242.57.202
> > Apr 20 20:14:08 baby sshd[18767]: error: Could not get 
> shadow information
> > for NOUSER
> > Apr 20 20:14:08 baby sshd[18767]: Failed password for 
> illegal user server
> > from 221.242.57.202 port 55901 ssh2
> > Apr 20 20:14:11 baby sshd[18769]: Illegal user adam from 
> 221.242.57.202
> > Apr 20 20:14:11 baby sshd[18769]: error: Could not get 
> shadow information
> > for NOUSER
> > Apr 20 20:14:11 baby sshd[18769]: Failed password for 
> illegal user adam 
> > from
> > 221.242.57.202 port 55966 ssh2
> > Apr 20 20:14:15 baby sshd[18771]: Illegal user alan from 
> 221.242.57.202
> > Apr 20 20:14:15 baby sshd[18771]: error: Could not get 
> shadow information
> > for NOUSER
> > Apr 20 20:14:15 baby sshd[18771]: Failed password for 
> illegal user alan 
> > from
> > 221.242.57.202 port 56060 ssh2
> > Apr 20 20:14:18 baby sshd[18773]: Illegal user frank from 
> 221.242.57.202
> > Apr 20 20:14:18 baby sshd[18773]: error: Could not get 
> shadow information
> > for NOUSER
> > Apr 20 20:14:18 baby sshd[18773]: Failed password for 
> illegal user frank
> > from 221.242.57.202 port 56142 ssh2
> > Apr 20 20:14:21 baby sshd[18777]: Illegal user george from 
> 221.242.57.202
> > Apr 20 20:14:21 baby sshd[18777]: error: Could not get 
> shadow information
> > for NOUSER
> > Apr 20 20:14:21 baby sshd[18777]: Failed password for 
> illegal user george
> > from 221.242.57.202 port 56211 ssh2
> > ---end---
> >
> > Some potz from Japan is probing my server.
> > How could I make my server block for a hour/day that IP?
> >
> > Best,
> >
> > --
> > Arthur Sherman
> >
> > ComPros Team
> > +972-52-4689432
> >
> >
> >
> >
> >
> > _______________________________________________
> > Zeffie-Users mailing list
> > Zeffie-Users at zeffie.net
> > http://zeffie.net/mailman/listinfo/zeffie-users_zeffie.net
> > 
> 
> 
> 
> --------------------------------------------------------------
> ---------
> This mail has been checked and is virus free.
> 
> 
> 
> _______________________________________________
> Zeffie-Users mailing list
> Zeffie-Users at zeffie.net
> http://zeffie.net/mailman/listinfo/zeffie-users_zeffie.net
> 