
Attempted server raid

 
ggreaves
Posted: Sun May 15, 2005 5:14 pm    Post subject: Attempted server raid

I have an SME server, which is how I connect to the internet and host my website. On checking my logs this afternoon, I noticed some very unusual activity. A sample from the log is listed below. Can anyone tell me what kind of attack this is?

May 15 02:08:50 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.245.234.57 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=37555 PROTO=UDP SPT=10464 DPT=1027 LEN=888
May 15 02:12:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=195.239.101.217 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13630 DF PROTO=TCP SPT=3214 DPT=15118 WINDOW=8760 RES=0x00 SYN URGP=0
May 15 02:12:23 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=195.239.101.217 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13841 DF PROTO=TCP SPT=3214 DPT=15118 WINDOW=8760 RES=0x00 SYN URGP=0
May 15 02:14:11 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.229.182.115 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=25561 PROTO=UDP SPT=27744 DPT=1028 LEN=888
May 15 02:32:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=4814 PROTO=UDP SPT=15330 DPT=1026 LEN=641
May 15 02:35:22 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.117.144.233 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=22171 PROTO=UDP SPT=20186 DPT=1026 LEN=888
May 15 03:00:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 03:00:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 03:01:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=46073 DPT=1026 LEN=398
May 15 03:03:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.152.198.79 DST=81.106.190.208 LEN=438 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=43438 DPT=1026 LEN=418
May 15 03:03:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.152.198.79 DST=81.106.190.208 LEN=438 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=43438 DPT=1027 LEN=418
May 15 03:29:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.201 DST=81.106.190.208 LEN=841 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33906 DPT=1026 LEN=821
May 15 03:30:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=59.80.225.231 DST=81.106.190.208 LEN=64 TOS=0x00 PREC=0x00 TTL=42 ID=4479 DF PROTO=TCP SPT=49805 DPT=4899 WINDOW=44620 RES=0x00 SYN URGP=0
May 15 03:36:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.76.142.58 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=208 PROTO=UDP SPT=12913 DPT=1027 LEN=888
May 15 03:40:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.106.140.197 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=458 DF PROTO=TCP SPT=31625 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 03:41:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.232.107.141 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=60604 PROTO=UDP SPT=15200 DPT=1028 LEN=888
May 15 03:46:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=18305 PROTO=UDP SPT=14978 DPT=1026 LEN=641
May 15 03:53:01 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=27424 PROTO=UDP SPT=63598 DPT=1026 LEN=419
May 15 03:53:01 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=27425 PROTO=UDP SPT=54554 DPT=1027 LEN=419
May 15 04:03:03 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.89.211.29 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=57240 PROTO=UDP SPT=22440 DPT=1026 LEN=888
May 15 04:05:35 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.158.204 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=53180 DPT=1026 LEN=441
May 15 04:09:13 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.97.226.198 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=58256 DF PROTO=TCP SPT=4298 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 04:09:19 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.97.226.198 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=59160 DF PROTO=TCP SPT=4298 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 04:15:51 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.235.154.105 DST=81.106.190.208 LEN=482 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=UDP SPT=32773 DPT=1027 LEN=462
May 15 04:22:54 paratha dyndns.org: Unknown response . Status was 0
May 15 04:29:31 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.77.185.228 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33238 DPT=1026 LEN=419
May 15 04:59:22 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=32224 PROTO=UDP SPT=10092 DPT=1026 LEN=641
May 15 05:03:19 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.65.157.184 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=20596 PROTO=UDP SPT=27599 DPT=1027 LEN=888
May 15 05:09:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.73.72.143 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=30337 PROTO=UDP SPT=16899 DPT=1028 LEN=888
May 15 05:23:21 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=63.239.130.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=23897 DF PROTO=TCP SPT=4903 DPT=42 WINDOW=64512 RES=0x00 SYN URGP=0
May 15 05:24:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 05:30:38 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=65.26.111.57 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=26767 PROTO=UDP SPT=6031 DPT=1026 LEN=888
May 15 05:39:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.129.115.57 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=53142 DPT=1026 LEN=441
May 15 06:12:28 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=46635 PROTO=UDP SPT=23456 DPT=1026 LEN=641
May 15 06:30:49 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.133.42.230 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=57746 PROTO=UDP SPT=30541 DPT=1027 LEN=888
May 15 06:36:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.3.222.44 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=65333 PROTO=UDP SPT=14731 DPT=1028 LEN=888
May 15 06:41:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=210.91.230.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=22767 DF PROTO=TCP SPT=3406 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 06:41:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=210.91.230.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=24350 DF PROTO=TCP SPT=3406 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 06:58:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.126.132.41 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=61970 PROTO=UDP SPT=11382 DPT=1026 LEN=888
May 15 07:06:09 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.129.115.57 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=36716 DPT=1026 LEN=441
May 15 07:15:30 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.235.154.105 DST=81.106.190.208 LEN=482 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=UDP SPT=32773 DPT=1026 LEN=462
May 15 07:25:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20712 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20861 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:26 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=21162 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:34 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=60630 PROTO=UDP SPT=30629 DPT=1026 LEN=641
May 15 07:47:33 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=34979 PROTO=UDP SPT=55312 DPT=1026 LEN=419
May 15 07:47:33 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=34980 PROTO=UDP SPT=56481 DPT=1027 LEN=419
May 15 07:49:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 07:49:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 07:58:06 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.174.87.55 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=20091 PROTO=UDP SPT=26549 DPT=1027 LEN=888
May 15 08:04:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.81.89.161 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=34913 PROTO=UDP SPT=9142 DPT=1028 LEN=888
May 15 08:25:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.125.85.8 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=31563 PROTO=UDP SPT=24536 DPT=1026 LEN=888
May 15 08:34:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33403 DPT=1026 LEN=398
May 15 08:38:40 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=9527 PROTO=UDP SPT=29713 DPT=1026 LEN=641
May 15 09:25:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.29.74.241 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=6226 PROTO=UDP SPT=11375 DPT=1027 LEN=888
May 15 09:31:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.63.99.71 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=4181 PROTO=UDP SPT=7271 DPT=1028 LEN=888
May 15 09:51:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=20181 PROTO=UDP SPT=30253 DPT=1026 LEN=641
May 15 09:53:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.50.43.85 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=1097 PROTO=UDP SPT=24961 DPT=1026 LEN=888
May 15 09:58:10 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=45176 DPT=1026 LEN=398
May 15 10:13:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 10:13:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25703 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25705 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25707 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25708 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25710 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25766 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25768 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25770 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25771 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25773 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25856 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25858 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25860 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25861 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25863 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:32:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35767 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:32:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35768 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:32:59 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35769 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:04 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35770 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:15 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35771 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:35 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35772 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:34:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35773 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:35:40 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35774 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:56:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=205.39.24.55 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=50071 PROTO=UDP SPT=17358 DPT=1027 LEN=888
May 15 10:59:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.186.222.78 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=39219 PROTO=UDP SPT=18850 DPT=1028 LEN=888
May 15 11:04:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=35840 PROTO=UDP SPT=30991 DPT=1026 LEN=641
May 15 11:07:08 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=66.160.191.67 DST=81.106.190.208 LEN=494 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=32811 DPT=1026 LEN=474
May 15 11:13:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.155.71 DST=81.106.190.208 LEN=421 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=49587 DPT=1026 LEN=401
May 15 11:37:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.17.71.167 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=11693 DF PROTO=TCP SPT=3897 DPT=8080 WINDOW=64800 RES=0x00 SYN URGP=0
May 15 11:37:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.17.71.167 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=11851 DF PROTO=TCP SPT=3897 DPT=8080 WINDOW=64800 RES=0x00 SYN URGP=0
May 15 11:39:00 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=15157 PROTO=UDP SPT=58797 DPT=1026 LEN=419
May 15 11:44:16 paratha sshd[5927]: Did not receive identification string from 195.239.164.214
May 15 11:47:54 paratha sshd[5930]: Failed password for root from 195.239.164.214 port 57616 ssh2
May 15 11:47:56 paratha sshd[5932]: Failed password for admin from 195.239.164.214 port 57652 ssh2
May 15 11:47:57 paratha sshd[5934]: Illegal user test from 195.239.164.214
May 15 11:47:57 paratha sshd[5934]: Failed password for illegal user test from 195.239.164.214 port 57674 ssh2
May 15 11:47:59 paratha sshd[5936]: Illegal user guest from 195.239.164.214
May 15 11:47:59 paratha sshd[5936]: Failed password for illegal user guest from 195.239.164.214 port 57692 ssh2
May 15 11:48:01 paratha sshd[5938]: Illegal user webmaster from 195.239.164.214
May 15 11:48:01 paratha sshd[5938]: Failed password for illegal user webmaster from 195.239.164.214 port 57710 ssh2
May 15 11:48:02 paratha sshd[5940]: Failed password for mysql from 195.239.164.214 port 57732 ssh2
May 15 11:48:04 paratha sshd[5942]: Illegal user oracle from 195.239.164.214
May 15 11:48:04 paratha sshd[5942]: Failed password for illegal user oracle from 195.239.164.214 port 57750 ssh2
May 15 11:48:06 paratha sshd[5944]: Illegal user library from 195.239.164.214
May 15 11:48:06 paratha sshd[5944]: Failed password for illegal user library from 195.239.164.214 port 57767 ssh2
May 15 11:48:07 paratha sshd[5946]: Illegal user info from 195.239.164.214
May 15 11:48:07 paratha sshd[5946]: Failed password for illegal user info from 195.239.164.214 port 57786 ssh2
May 15 11:48:09 paratha sshd[5948]: Illegal user shell from 195.239.164.214
May 15 11:48:09 paratha sshd[5948]: Failed password for illegal user shell from 195.239.164.214 port 57808 ssh2
May 15 11:48:10 paratha sshd[5950]: Illegal user linux from 195.239.164.214
May 15 11:48:10 paratha sshd[5950]: Failed password for illegal user linux from 195.239.164.214 port 57824 ssh2
May 15 11:48:12 paratha sshd[5952]: Illegal user unix from 195.239.164.214
May 15 11:48:12 paratha sshd[5952]: Failed password for illegal user unix from 195.239.164.214 port 57843 ssh2
May 15 11:48:14 paratha sshd[5954]: Illegal user webadmin from 195.239.164.214
May 15 11:48:14 paratha sshd[5954]: Failed password for illegal user webadmin from 195.239.164.214 port 57864 ssh2
May 15 11:48:15 paratha sshd[5956]: Failed password for ftp from 195.239.164.214 port 57881 ssh2
May 15 11:48:17 paratha sshd[5958]: Illegal user test from 195.239.164.214
May 15 11:48:17 paratha sshd[5958]: Failed password for illegal user test from 195.239.164.214 port 57900 ssh2
May 15 11:48:19 paratha sshd[5960]: Failed password for root from 195.239.164.214 port 57923 ssh2
May 15 11:48:21 paratha sshd[5962]: Failed password for admin from 195.239.164.214 port 57941 ssh2
May 15 11:48:23 paratha sshd[5964]: Illegal user guest from 195.239.164.214
May 15 11:48:23 paratha sshd[5964]: Failed password for illegal user guest from 195.239.164.214 port 57960 ssh2
May 15 11:48:24 paratha sshd[5966]: Illegal user master from 195.239.164.214
May 15 11:48:24 paratha sshd[5966]: Failed password for illegal user master from 195.239.164.214 port 57983 ssh2
May 15 11:48:26 paratha sshd[5968]: Failed password for apache from 195.239.164.214 port 58002 ssh2
May 15 11:48:28 paratha sshd[5970]: Failed password for root from 195.239.164.214 port 58019 ssh2
May 15 11:48:29 paratha sshd[5972]: Failed password for root from 195.239.164.214 port 58039 ssh2
May 15 11:48:31 paratha sshd[5974]: Failed password for root from 195.239.164.214 port 58057 ssh2
May 15 11:48:33 paratha sshd[5976]: Failed password for root from 195.239.164.214 port 58078 ssh2
May 15 11:48:34 paratha sshd[5978]: Failed password for root from 195.239.164.214 port 58093 ssh2
May 15 11:48:36 paratha sshd[5980]: Failed password for root from 195.239.164.214 port 58113 ssh2
May 15 11:48:38 paratha sshd[5982]: Failed password for root from 195.239.164.214 port 58129 ssh2
May 15 11:48:39 paratha sshd[5984]: Failed password for admin from 195.239.164.214 port 58148 ssh2
May 15 11:48:41 paratha sshd[5986]: Failed password for admin from 195.239.164.214 port 58165 ssh2
May 15 11:48:43 paratha sshd[5988]: Failed password for admin from 195.239.164.214 port 58181 ssh2
May 15 11:48:44 paratha sshd[5990]: Failed password for admin from 195.239.164.214 port 58201 ssh2
May 15 11:48:46 paratha sshd[5992]: Failed password for root from 195.239.164.214 port 58219 ssh2
May 15 11:48:47 paratha sshd[5994]: Failed password for root from 195.239.164.214 port 58233 ssh2
May 15 11:48:49 paratha sshd[5996]: Illegal user test from 195.239.164.214
May 15 11:48:49 paratha sshd[5996]: Failed password for illegal user test from 195.239.164.214 port 58254 ssh2
May 15 11:48:49 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=57681 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:51 paratha sshd[5998]: Illegal user test from 195.239.164.214
May 15 11:48:51 paratha sshd[5998]: Failed password for illegal user test from 195.239.164.214 port 58269 ssh2
May 15 11:48:52 paratha sshd[6000]: Illegal user webmaster from 195.239.164.214
May 15 11:48:52 paratha sshd[6000]: Failed password for illegal user webmaster from 195.239.164.214 port 58286 ssh2
May 15 11:48:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=57831 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:54 paratha sshd[6002]: Illegal user user from 195.239.164.214
May 15 11:48:54 paratha sshd[6002]: Failed password for illegal user user from 195.239.164.214 port 58304 ssh2
May 15 11:48:56 paratha sshd[6004]: Illegal user username from 195.239.164.214
May 15 11:48:56 paratha sshd[6004]: Failed password for illegal user username from 195.239.164.214 port 58325 ssh2
May 15 11:48:57 paratha sshd[6006]: Illegal user username from 195.239.164.214
May 15 11:48:57 paratha sshd[6006]: Failed password for illegal user username from 195.239.164.214 port 58343 ssh2
May 15 11:48:58 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=58133 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:59 paratha sshd[6008]: Illegal user user from 195.239.164.214
May 15 11:48:59 paratha sshd[6008]: Failed password for illegal user user from 195.239.164.214 port 58358 ssh2
May 15 11:49:01 paratha sshd[6010]: Failed password for root from 195.239.164.214 port 58374 ssh2
May 15 11:49:02 paratha sshd[6012]: Failed password for admin from 195.239.164.214 port 58392 ssh2
May 15 11:49:04 paratha sshd[6014]: Illegal user test from 195.239.164.214
May 15 11:49:04 paratha sshd[6014]: Failed password for illegal user test from 195.239.164.214 port 58410 ssh2
May 15 11:49:05 paratha sshd[6016]: Failed password for root from 195.239.164.214 port 58427 ssh2
May 15 11:49:07 paratha sshd[6018]: Failed password for root from 195.239.164.214 port 58445 ssh2
May 15 11:49:09 paratha sshd[6020]: Failed password for root from 195.239.164.214 port 58462 ssh2
May 15 11:49:10 paratha sshd[6022]: Failed password for root from 195.239.164.214 port 58479 ssh2
May 15 11:49:12 paratha sshd[6024]: Illegal user danny from 195.239.164.214
May 15 11:49:12 paratha sshd[6024]: Failed password for illegal user danny from 195.239.164.214 port 58500 ssh2
May 15 11:49:16 paratha sshd[6026]: Illegal user sharon from 195.239.164.214
May 15 11:49:16 paratha sshd[6026]: Failed password for illegal user sharon from 195.239.164.214 port 58516 ssh2
May 15 11:49:18 paratha sshd[6028]: Illegal user aron from 195.239.164.214
May 15 11:49:18 paratha sshd[6028]: Failed password for illegal user aron from 195.239.164.214 port 58564 ssh2
May 15 11:49:20 paratha sshd[6030]: Illegal user alex from 195.239.164.214
May 15 11:49:20 paratha sshd[6030]: Failed password for illegal user alex from 195.239.164.214 port 58580 ssh2
May 15 11:49:21 paratha sshd[6032]: Illegal user brett from 195.239.164.214
May 15 11:49:21 paratha sshd[6032]: Failed password for illegal user brett from 195.239.164.214 port 58600 ssh2
May 15 11:49:23 paratha sshd[6035]: Illegal user mike from 195.239.164.214
May 15 11:49:23 paratha sshd[6035]: Failed password for illegal user mike from 195.239.164.214 port 58617 ssh2
May 15 11:49:25 paratha sshd[6037]: Illegal user alan from 195.239.164.214
May 15 11:49:25 paratha sshd[6037]: Failed password for illegal user alan from 195.239.164.214 port 58635 ssh2
May 15 11:49:26 paratha sshd[6039]: Illegal user data from 195.239.164.214
May 15 11:49:26 paratha sshd[6039]: Failed password for illegal user data from 195.239.164.214 port 58655 ssh2
May 15 11:49:28 paratha sshd[6041]: Illegal user www-data from 195.239.164.214
May 15 11:49:28 paratha sshd[6041]: Failed password for illegal user www-data from 195.239.164.214 port 58671 ssh2
May 15 11:49:30 paratha sshd[6043]: Illegal user http from 195.239.164.214
May 15 11:49:30 paratha sshd[6043]: Failed password for illegal user http from 195.239.164.214 port 58687 ssh2
May 15 11:49:31 paratha sshd[6045]: Illegal user httpd from 195.239.164.214
May 15 11:49:31 paratha sshd[6045]: Failed password for illegal user httpd from 195.239.164.214 port 58706 ssh2
May 15 11:49:33 paratha sshd[6047]: Failed password for nobody from 195.239.164.214 port 58723 ssh2
May 15 11:49:35 paratha sshd[6049]: Failed password for root from 195.239.164.214 port 58742 ssh2
May 15 11:49:36 paratha sshd[6051]: Illegal user backup from 195.239.164.214
May 15 11:49:36 paratha sshd[6051]: Failed password for illegal user backup from 195.239.164.214 port 58759 ssh2
May 15 11:49:38 paratha sshd[6053]: Illegal user info from 195.239.164.214
May 15 11:49:38 paratha sshd[6053]: Failed password for illegal user info from 195.239.164.214 port 58777 ssh2
May 15 11:49:40 paratha sshd[6055]: Illegal user shop from 195.239.164.214
May 15 11:49:40 paratha sshd[6055]: Failed password for illegal user shop from 195.239.164.214 port 58800 ssh2
May 15 11:49:41 paratha sshd[6057]: Illegal user sales from 195.239.164.214
May 15 11:49:41 paratha sshd[6057]: Failed password for illegal user sales from 195.239.164.214 port 58815 ssh2
May 15 11:49:43 paratha sshd[6059]: Illegal user web from 195.239.164.214
May 15 11:49:43 paratha sshd[6059]: Failed password for illegal user web from 195.239.164.214 port 58831 ssh2
May 15 11:49:45 paratha sshd[6061]: Failed password for www from 195.239.164.214 port 58848 ssh2
May 15 11:49:46 paratha sshd[6063]: Illegal user wwwrun from 195.239.164.214
May 15 11:49:46 paratha sshd[6063]: Failed password for illegal user wwwrun from 195.239.164.214 port 58868 ssh2
May 15 11:49:48 paratha sshd[6065]: Illegal user adam from 195.239.164.214
May 15 11:49:48 paratha sshd[6065]: Failed password for illegal user adam from 195.239.164.214 port 58885 ssh2
May 15 11:49:49 paratha sshd[6067]: Illegal user stephen from 195.239.164.214
May 15 11:49:49 paratha sshd[6067]: Failed password for illegal user stephen from 195.239.164.214 port 58902 ssh2
May 15 11:49:51 paratha sshd[6069]: Illegal user richard from 195.239.164.214
May 15 11:49:51 paratha sshd[6069]: Failed password for illegal user richard from 195.239.164.214 port 58922 ssh2
May 15 11:49:53 paratha sshd[6072]: Illegal user george from 195.239.164.214
May 15 11:49:53 paratha sshd[6072]: Failed password for illegal user george from 195.239.164.214 port 58940 ssh2
May 15 11:49:55 paratha sshd[6074]: Illegal user michael from 195.239.164.214
May 15 11:49:55 paratha sshd[6074]: Failed password for illegal user michael from 195.239.164.214 port 58959 ssh2
May 15 11:49:56 paratha sshd[6076]: Illegal user john from 195.239.164.214
May 15 11:49:56 paratha sshd[6076]: Failed password for illegal user john from 195.239.164.214 port 58983 ssh2
May 15 11:49:58 paratha sshd[6078]: Illegal user david from 195.239.164.214
May 15 11:49:58 paratha sshd[6078]: Failed password for illegal user david from 195.239.164.214 port 59001 ssh2
May 15 11:50:00 paratha sshd[6080]: Illegal user paul from 195.239.164.214
May 15 11:50:00 paratha sshd[6080]: Failed password for illegal user paul from 195.239.164.214 port 59019 ssh2
May 15 11:50:01 paratha sshd[6082]: Failed password for news from 195.239.164.214 port 59035 ssh2
May 15 11:50:03 paratha sshd[6084]: Illegal user angel from 195.239.164.214
May 15 11:50:03 paratha sshd[6084]: Failed password for illegal user angel from 195.239.164.214 port 59052 ssh2
May 15 11:50:04 paratha sshd[6086]: Failed password for games from 195.239.164.214 port 59073 ssh2
May 15 11:50:06 paratha sshd[6088]: Illegal user pgsql from 195.239.164.214
May 15 11:50:06 paratha sshd[6088]: Failed password for illegal user pgsql from 195.239.164.214 port 59088 ssh2
May 15 11:50:08 paratha sshd[6090]: Illegal user pgsql from 195.239.164.214
May 15 11:50:08 paratha sshd[6090]: Failed password for illegal user pgsql from 195.239.164.214 port 59108 ssh2
May 15 11:50:13 paratha sshd[6092]: Failed password for mail from 195.239.164.214 port 59132 ssh2
May 15 11:50:15 paratha sshd[6094]: Failed password for adm from 195.239.164.214 port 59180 ssh2
May 15 11:50:16 paratha sshd[6096]: Illegal user ident from 195.239.164.214
May 15 11:50:16 paratha sshd[6096]: Failed password for illegal user ident from 195.239.164.214 port 59203 ssh2
May 15 11:50:18 paratha sshd[6098]: Illegal user resin from 195.239.164.214
May 15 11:50:18 paratha sshd[6098]: Failed password for illegal user resin from 195.239.164.214 port 59220 ssh2
May 15 11:50:20 paratha sshd[6100]: Illegal user mikael from 195.239.164.214
May 15 11:50:20 paratha sshd[6100]: Failed password for illegal user mikael from 195.239.164.214 port 59242 ssh2
May 15 11:50:21 paratha sshd[6102]: Illegal user mike from 195.239.164.214
May 15 11:50:21 paratha sshd[6102]: Failed password for illegal user mike from 195.239.164.214 port 59260 ssh2
May 15 11:50:23 paratha sshd[6104]: Illegal user suva from 195.239.164.214
May 15 11:50:23 paratha sshd[6104]: Failed password for illegal user suva from 195.239.164.214 port 59275 ssh2
May 15 11:50:25 paratha sshd[6106]: Illegal user webpop from 195.239.164.214
May 15 11:50:25 paratha sshd[6106]: Failed password for illegal user webpop from 195.239.164.214 port 59292 ssh2
May 15 11:50:26 paratha sshd[6108]: Illegal user technicom from 195.239.164.214
May 15 11:50:26 paratha sshd[6108]: Failed password for illegal user technicom from 195.239.164.214 port 59310 ssh2
May 15 11:50:28 paratha sshd[6110]: Illegal user susan from 195.239.164.214
May 15 11:50:28 paratha sshd[6110]: Failed password for illegal user susan from 195.239.164.214 port 59328 ssh2
May 15 11:50:29 paratha sshd[6112]: Illegal user sunsun from 195.239.164.214
May 15 11:50:29 paratha sshd[6112]: Failed password for illegal user sunsun from 195.239.164.214 port 59345 ssh2
May 15 11:50:31 paratha sshd[6114]: Illegal user sunny from 195.239.164.214
May 15 11:50:31 paratha sshd[6114]: Failed password for illegal user sunny from 195.239.164.214 port 59365 ssh2
May 15 11:50:33 paratha sshd[6116]: Illegal user steven from 195.239.164.214
May 15 11:50:33 paratha sshd[6116]: Failed password for illegal user steven from 195.239.164.214 port 59384 ssh2
May 15 11:50:34 paratha sshd[6118]: Illegal user ssh from 195.239.164.214
May 15 11:50:34 paratha sshd[6118]: Failed password for illegal user ssh from 195.239.164.214 port 59400 ssh2
May 15 11:50:36 paratha sshd[6120]: Illegal user search from 195.239.164.214
May 15 11:50:36 paratha sshd[6120]: Failed password for illegal user search from 195.239.164.214 port 59420 ssh2
May 15 11:50:38 paratha sshd[6122]: Illegal user sara from 195.239.164.214
May 15 11:50:38 paratha sshd[6122]: Failed password for illegal user sara from 195.239.164.214 port 59438 ssh2
May 15 11:50:39 paratha sshd[6124]: Illegal user robert from 195.239.164.214
May 15 11:50:39 paratha sshd[6124]: Failed password for illegal user robert from 195.239.164.214 port 59453 ssh2
May 15 11:50:41 paratha sshd[6126]: Illegal user richard from 195.239.164.214
May 15 11:50:41 paratha sshd[6126]: Failed password for illegal user richard from 195.239.164.214 port 59473 ssh2
May 15 11:50:42 paratha sshd[6128]: Illegal user postmaster from 195.239.164.214
May 15 11:50:42 paratha sshd[6128]: Failed password for illegal user postmaster from 195.239.164.214 port 59489 ssh2
May 15 11:50:44 paratha sshd[6130]: Illegal user party from 195.239.164.214
May 15 11:50:44 paratha sshd[6130]: Failed password for illegal user party from 195.239.164.214 port 59511 ssh2
May 15 11:50:46 paratha sshd[6132]: Illegal user michael from 195.239.164.214
May 15 11:50:46 paratha sshd[6132]: Failed password for illegal user michael from 195.239.164.214 port 59529 ssh2
May 15 11:50:47 paratha sshd[6134]: Illegal user amanda from 195.239.164.214
May 15 11:50:47 paratha sshd[6134]: Failed password for illegal user amanda from 195.239.164.214 port 59544 ssh2
May 15 11:50:49 paratha sshd[6136]: Failed password for mysql from 195.239.164.214 port 59561 ssh2
May 15 11:50:51 paratha sshd[6138]: Failed password for rpm from 195.239.164.214 port 59579 ssh2
May 15 11:50:52 paratha sshd[6140]: Failed password for operator from 195.239.164.214 port 59592 ssh2
May 15 11:50:54 paratha sshd[6142]: Illegal user sgi from 195.239.164.214
May 15 11:50:54 paratha sshd[6142]: Failed password for illegal user sgi from 195.239.164.214 port 59603 ssh2
May 15 11:50:55 paratha sshd[6144]: Illegal user Aaliyah from 195.239.164.214
May 15 11:50:55 paratha sshd[6144]: Failed password for illegal user Aaliyah from 195.239.164.214 port 59619 ssh2
May 15 11:50:57 paratha sshd[6146]: Illegal user Aaron from 195.239.164.214
May 15 11:50:57 paratha sshd[6146]: Failed password for illegal user Aaron from 195.239.164.214 port 59630 ssh2
May 15 11:50:58 paratha sshd[6148]: Illegal user Aba from 195.239.164.214
May 15 11:50:58 paratha sshd[6148]: Failed password for illegal user Aba from 195.239.164.214 port 59639 ssh2
May 15 11:51:00 paratha sshd[6150]: Illegal user Abel from 195.239.164.214
May 15 11:51:00 paratha sshd[6150]: Failed password for illegal user Abel from 195.239.164.214 port 59653 ssh2
May 15 11:51:01 paratha sshd[6152]: Illegal user Jewel from 195.239.164.214
May 15 11:51:01 paratha sshd[6152]: Failed password for illegal user Jewel from 195.239.164.214 port 59661 ssh2
May 15 11:51:03 paratha sshd[6154]: Failed password for sshd from 195.239.164.214 port 59671 ssh2
May 15 11:51:04 paratha sshd[6156]: Illegal user users from 195.239.164.214
May 15 11:51:04 paratha sshd[6156]: Failed password for illegal user users from 195.239.164.214 port 59682 ssh2
May 15 11:51:06 paratha sshd[6158]: Illegal user admins from 195.239.164.214
May 15 11:51:06 paratha sshd[6158]: Failed password for illegal user admins from 195.239.164.214 port 59691 ssh2
May 15 11:51:07 paratha sshd[6160]: Illegal user admins from 195.239.164.214
May 15 11:51:08 paratha sshd[6160]: Failed password for illegal user admins from 195.239.164.214 port 59700 ssh2
M0PHP
LXF regular


Joined: Wed Apr 06, 2005 8:40 am
Posts: 737
Location: Bishop Auckland, County Durham, UK

Posted: Sun May 15, 2005 5:18 pm

It looks as if someone is trying to gain access via brute force to the server using ssh from someone at IP 195.239.164.214.
smita034



Joined: Tue Apr 26, 2005 2:13 pm
Posts: 29
Location: Rochester, Kent, UK

Posted: Mon May 16, 2005 8:50 am

Yea, just use IPTables to ban the IP. If this happens a lot you could try APF and BFD (iirc SME is based off of Red Hat/Fedora so it should work, but I have not tested it on SME, though I do use it on my company's servers and have had no problems, just use at your own risk and all that ;) )
http://www.rfxnetworks.com/apf.php <-- Advanced Policy Firewall
http://www.rfxnetworks.com/bfd.php <-- Brute Force Detection

BFD will see that sort of thing happening, automatically ban the IP and then email you to tell you. Very handy :)

Hope that helps
_________________
Alex A. Smith
99% of all computer problems occur between the chair and keyboard
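
The check the replies above describe (count failed sshd logins per source address, then ban the address with iptables), as an added example that is not code from the posters, from BFD or from APF. The threshold, the time window and the function names are assumptions chosen for illustration; the rule is only returned as text, never executed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Lines copied from the log posted above, plus one constructed line from
# 192.0.2.10 (a documentation address) that must not trigger a ban.
SAMPLE_LOG = """\
May 15 11:49:33 paratha sshd[6047]: Failed password for nobody from 195.239.164.214 port 58723 ssh2
May 15 11:49:35 paratha sshd[6049]: Failed password for root from 195.239.164.214 port 58742 ssh2
May 15 11:49:36 paratha sshd[6051]: Illegal user backup from 195.239.164.214
May 15 11:49:36 paratha sshd[6051]: Failed password for illegal user backup from 195.239.164.214 port 58759 ssh2
May 15 11:49:38 paratha sshd[6053]: Failed password for illegal user info from 195.239.164.214 port 58777 ssh2
May 15 11:49:40 paratha sshd[6055]: Failed password for illegal user shop from 195.239.164.214 port 58800 ssh2
May 15 11:49:41 paratha sshd[6057]: Failed password for illegal user sales from 195.239.164.214 port 58815 ssh2
May 15 11:49:50 paratha sshd[7001]: Failed password for geoff from 192.0.2.10 port 40022 ssh2
"""

# Anchored at both ends: a user name containing spaces makes the line fail
# to match instead of letting attacker-chosen text pose as the source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:illegal|invalid) user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3}) "
    r"port \d+ ssh2$")

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2005):
    """Return {ip: sorted user names tried} for every source with at least
    `threshold` failed logins inside one sliding `window` (assumed values)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> every user name it tried
    flagged = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, user, ip = m.groups()
        # syslog omits the year, so it is supplied by the caller.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        users[ip].add(user)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in flagged}

def ban_rules(flagged):
    """Render one DROP rule per flagged address; the regex only admits
    digits and dots, so the address is safe to place in a command line."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]
```

Review the returned rules before applying them, and keep your own management address out of the input so a mistyped password cannot lock you out.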
All times are GMT