I checked my email inbox this morning, and guess what I found? The firewall (ConfigServer Security and Firewall) on a server I help run blocked a brute-force attack from Nokia:
Time: Tue May 1 02:28:18 2007
IP: 63.97.248.34 (machine34.nokia.com)
Failures: 5 (sshd)
Interval: 135 seconds
Blocked: YesLog entries:
May 1 02:28:08 blue sshd[9363]: Failed password for root from ::ffff:63.97.248.34 port 56057 ssh2
May 1 07:28:08 blue sshd[9364]: Failed password for root from ::ffff:63.97.248.34 port 56057 ssh2
May 1 02:28:11 blue sshd[9368]: Failed password for root from ::ffff:63.97.248.34 port 56436 ssh2
May 1 07:28:11 blue sshd[9369]: Failed password for root from ::ffff:63.97.248.34 port 56436 ssh2
May 1 02:28:13 blue sshd[9370]: Failed password for root from ::ffff:63.97.248.34 port 56591 ssh2
Just thought it was funny :P
(oh yeah, and I will report it to them!)
2 comments
Oh and apologies for posting on such an old blog item :$
<pre>
daniel@daniel-laptop:~$ host 63.97.248.34
34.248.97.63.in-addr.arpa domain name pointer machine34.nokia.com.
</pre>
I'm guessing it's a zombie Windows PC with viruses and stuff on it :P
"Oh and apologies for posting on such an old blog item"
No problem... I like people commenting on my blog, no matter how old the blog item is :)