Attempted server raid

Post by ggreaves » Sun May 15, 2005 4:14 pm

I have an SME server, which is how I connect to the internet and host my website. On checking my logs this afternoon, I noticed some very unusual activity. A sample from the log is listed below. Can anyone tell me what kind of attack this is?

May 15 02:08:50 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.245.234.57 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=37555 PROTO=UDP SPT=10464 DPT=1027 LEN=888
May 15 02:12:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=195.239.101.217 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13630 DF PROTO=TCP SPT=3214 DPT=15118 WINDOW=8760 RES=0x00 SYN URGP=0
May 15 02:12:23 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=195.239.101.217 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=13841 DF PROTO=TCP SPT=3214 DPT=15118 WINDOW=8760 RES=0x00 SYN URGP=0
May 15 02:14:11 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.229.182.115 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=25561 PROTO=UDP SPT=27744 DPT=1028 LEN=888
May 15 02:32:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=4814 PROTO=UDP SPT=15330 DPT=1026 LEN=641
May 15 02:35:22 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.117.144.233 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=22171 PROTO=UDP SPT=20186 DPT=1026 LEN=888
May 15 03:00:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 03:00:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 03:01:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=46073 DPT=1026 LEN=398
May 15 03:03:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.152.198.79 DST=81.106.190.208 LEN=438 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=43438 DPT=1026 LEN=418
May 15 03:03:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.152.198.79 DST=81.106.190.208 LEN=438 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=43438 DPT=1027 LEN=418
May 15 03:29:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.201 DST=81.106.190.208 LEN=841 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33906 DPT=1026 LEN=821
May 15 03:30:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=59.80.225.231 DST=81.106.190.208 LEN=64 TOS=0x00 PREC=0x00 TTL=42 ID=4479 DF PROTO=TCP SPT=49805 DPT=4899 WINDOW=44620 RES=0x00 SYN URGP=0
May 15 03:36:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.76.142.58 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=208 PROTO=UDP SPT=12913 DPT=1027 LEN=888
May 15 03:40:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.106.140.197 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=458 DF PROTO=TCP SPT=31625 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 03:41:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.232.107.141 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=60604 PROTO=UDP SPT=15200 DPT=1028 LEN=888
May 15 03:46:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=18305 PROTO=UDP SPT=14978 DPT=1026 LEN=641
May 15 03:53:01 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=27424 PROTO=UDP SPT=63598 DPT=1026 LEN=419
May 15 03:53:01 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=27425 PROTO=UDP SPT=54554 DPT=1027 LEN=419
May 15 04:03:03 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.89.211.29 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=57240 PROTO=UDP SPT=22440 DPT=1026 LEN=888
May 15 04:05:35 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.158.204 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=53180 DPT=1026 LEN=441
May 15 04:09:13 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.97.226.198 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=58256 DF PROTO=TCP SPT=4298 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 04:09:19 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.97.226.198 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=59160 DF PROTO=TCP SPT=4298 DPT=1025 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 04:15:51 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.235.154.105 DST=81.106.190.208 LEN=482 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=UDP SPT=32773 DPT=1027 LEN=462
May 15 04:22:54 paratha dyndns.org: Unknown response . Status was 0
May 15 04:29:31 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.77.185.228 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33238 DPT=1026 LEN=419
May 15 04:59:22 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=32224 PROTO=UDP SPT=10092 DPT=1026 LEN=641
May 15 05:03:19 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.65.157.184 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=20596 PROTO=UDP SPT=27599 DPT=1027 LEN=888
May 15 05:09:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.73.72.143 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=30337 PROTO=UDP SPT=16899 DPT=1028 LEN=888
May 15 05:23:21 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=63.239.130.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=23897 DF PROTO=TCP SPT=4903 DPT=42 WINDOW=64512 RES=0x00 SYN URGP=0
May 15 05:24:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 05:30:38 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=65.26.111.57 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=26767 PROTO=UDP SPT=6031 DPT=1026 LEN=888
May 15 05:39:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.129.115.57 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=53142 DPT=1026 LEN=441
May 15 06:12:28 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=46635 PROTO=UDP SPT=23456 DPT=1026 LEN=641
May 15 06:30:49 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.133.42.230 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=57746 PROTO=UDP SPT=30541 DPT=1027 LEN=888
May 15 06:36:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.3.222.44 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=65333 PROTO=UDP SPT=14731 DPT=1028 LEN=888
May 15 06:41:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=210.91.230.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=22767 DF PROTO=TCP SPT=3406 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 06:41:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=210.91.230.2 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=24350 DF PROTO=TCP SPT=3406 DPT=1521 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 06:58:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.126.132.41 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=61970 PROTO=UDP SPT=11382 DPT=1026 LEN=888
May 15 07:06:09 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.129.115.57 DST=81.106.190.208 LEN=461 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=36716 DPT=1026 LEN=441
May 15 07:15:30 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.235.154.105 DST=81.106.190.208 LEN=482 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=UDP SPT=32773 DPT=1026 LEN=462
May 15 07:25:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20712 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=20861 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:26 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.173.6.130 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=107 ID=21162 DF PROTO=TCP SPT=1341 DPT=4899 WINDOW=64240 RES=0x00 SYN URGP=0
May 15 07:25:34 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=60630 PROTO=UDP SPT=30629 DPT=1026 LEN=641
May 15 07:47:33 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=34979 PROTO=UDP SPT=55312 DPT=1026 LEN=419
May 15 07:47:33 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=34980 PROTO=UDP SPT=56481 DPT=1027 LEN=419
May 15 07:49:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 07:49:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 07:58:06 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.174.87.55 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=20091 PROTO=UDP SPT=26549 DPT=1027 LEN=888
May 15 08:04:25 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.81.89.161 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=34913 PROTO=UDP SPT=9142 DPT=1028 LEN=888
May 15 08:25:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.125.85.8 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=31563 PROTO=UDP SPT=24536 DPT=1026 LEN=888
May 15 08:34:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=33403 DPT=1026 LEN=398
May 15 08:38:40 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=9527 PROTO=UDP SPT=29713 DPT=1026 LEN=641
May 15 09:25:18 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=204.29.74.241 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=6226 PROTO=UDP SPT=11375 DPT=1027 LEN=888
May 15 09:31:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.63.99.71 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=4181 PROTO=UDP SPT=7271 DPT=1028 LEN=888
May 15 09:51:46 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=20181 PROTO=UDP SPT=30253 DPT=1026 LEN=641
May 15 09:53:36 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=64.50.43.85 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=1097 PROTO=UDP SPT=24961 DPT=1026 LEN=888
May 15 09:58:10 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.153.58 DST=81.106.190.208 LEN=418 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=45176 DPT=1026 LEN=398
May 15 10:13:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1026 LEN=473
May 15 10:13:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=61.172.249.200 DST=81.106.190.208 LEN=493 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=32785 DPT=1027 LEN=473
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25703 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25705 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25707 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25708 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:39 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25710 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25766 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25768 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25770 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25771 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:42 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25773 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25856 DF PROTO=TCP SPT=4153 DPT=1025 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25858 DF PROTO=TCP SPT=4155 DPT=6129 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25860 DF PROTO=TCP SPT=4157 DPT=3410 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25861 DF PROTO=TCP SPT=4158 DPT=5554 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:23:48 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=81.70.139.155 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=25863 DF PROTO=TCP SPT=4263 DPT=5000 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 10:32:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35767 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:32:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35768 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:32:59 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35769 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:04 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35770 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:15 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35771 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:33:35 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35772 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:34:17 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35773 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:35:40 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=62.252.96.15 DST=81.106.190.208 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 ID=35774 DF PROTO=TCP SPT=8080 DPT=32913 WINDOW=6600 RES=0x00 ACK PSH URGP=0
May 15 10:56:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=205.39.24.55 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=111 ID=50071 PROTO=UDP SPT=17358 DPT=1027 LEN=888
May 15 10:59:20 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=203.186.222.78 DST=81.106.190.208 LEN=908 TOS=0x00 PREC=0x00 TTL=110 ID=39219 PROTO=UDP SPT=18850 DPT=1028 LEN=888
May 15 11:04:56 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=222.88.173.5 DST=81.106.190.208 LEN=661 TOS=0x00 PREC=0x00 TTL=105 ID=35840 PROTO=UDP SPT=30991 DPT=1026 LEN=641
May 15 11:07:08 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=66.160.191.67 DST=81.106.190.208 LEN=494 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=32811 DPT=1026 LEN=474
May 15 11:13:43 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.83.155.71 DST=81.106.190.208 LEN=421 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=49587 DPT=1026 LEN=401
May 15 11:37:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.17.71.167 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=11693 DF PROTO=TCP SPT=3897 DPT=8080 WINDOW=64800 RES=0x00 SYN URGP=0
May 15 11:37:55 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=218.17.71.167 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=11851 DF PROTO=TCP SPT=3897 DPT=8080 WINDOW=64800 RES=0x00 SYN URGP=0
May 15 11:39:00 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=219.148.64.68 DST=81.106.190.208 LEN=439 TOS=0x00 PREC=0x00 TTL=42 ID=15157 PROTO=UDP SPT=58797 DPT=1026 LEN=419
May 15 11:44:16 paratha sshd[5927]: Did not receive identification string from 195.239.164.214
May 15 11:47:54 paratha sshd[5930]: Failed password for root from 195.239.164.214 port 57616 ssh2
May 15 11:47:56 paratha sshd[5932]: Failed password for admin from 195.239.164.214 port 57652 ssh2
May 15 11:47:57 paratha sshd[5934]: Illegal user test from 195.239.164.214
May 15 11:47:57 paratha sshd[5934]: Failed password for illegal user test from 195.239.164.214 port 57674 ssh2
May 15 11:47:59 paratha sshd[5936]: Illegal user guest from 195.239.164.214
May 15 11:47:59 paratha sshd[5936]: Failed password for illegal user guest from 195.239.164.214 port 57692 ssh2
May 15 11:48:01 paratha sshd[5938]: Illegal user webmaster from 195.239.164.214
May 15 11:48:01 paratha sshd[5938]: Failed password for illegal user webmaster from 195.239.164.214 port 57710 ssh2
May 15 11:48:02 paratha sshd[5940]: Failed password for mysql from 195.239.164.214 port 57732 ssh2
May 15 11:48:04 paratha sshd[5942]: Illegal user oracle from 195.239.164.214
May 15 11:48:04 paratha sshd[5942]: Failed password for illegal user oracle from 195.239.164.214 port 57750 ssh2
May 15 11:48:06 paratha sshd[5944]: Illegal user library from 195.239.164.214
May 15 11:48:06 paratha sshd[5944]: Failed password for illegal user library from 195.239.164.214 port 57767 ssh2
May 15 11:48:07 paratha sshd[5946]: Illegal user info from 195.239.164.214
May 15 11:48:07 paratha sshd[5946]: Failed password for illegal user info from 195.239.164.214 port 57786 ssh2
May 15 11:48:09 paratha sshd[5948]: Illegal user shell from 195.239.164.214
May 15 11:48:09 paratha sshd[5948]: Failed password for illegal user shell from 195.239.164.214 port 57808 ssh2
May 15 11:48:10 paratha sshd[5950]: Illegal user linux from 195.239.164.214
May 15 11:48:10 paratha sshd[5950]: Failed password for illegal user linux from 195.239.164.214 port 57824 ssh2
May 15 11:48:12 paratha sshd[5952]: Illegal user unix from 195.239.164.214
May 15 11:48:12 paratha sshd[5952]: Failed password for illegal user unix from 195.239.164.214 port 57843 ssh2
May 15 11:48:14 paratha sshd[5954]: Illegal user webadmin from 195.239.164.214
May 15 11:48:14 paratha sshd[5954]: Failed password for illegal user webadmin from 195.239.164.214 port 57864 ssh2
May 15 11:48:15 paratha sshd[5956]: Failed password for ftp from 195.239.164.214 port 57881 ssh2
May 15 11:48:17 paratha sshd[5958]: Illegal user test from 195.239.164.214
May 15 11:48:17 paratha sshd[5958]: Failed password for illegal user test from 195.239.164.214 port 57900 ssh2
May 15 11:48:19 paratha sshd[5960]: Failed password for root from 195.239.164.214 port 57923 ssh2
May 15 11:48:21 paratha sshd[5962]: Failed password for admin from 195.239.164.214 port 57941 ssh2
May 15 11:48:23 paratha sshd[5964]: Illegal user guest from 195.239.164.214
May 15 11:48:23 paratha sshd[5964]: Failed password for illegal user guest from 195.239.164.214 port 57960 ssh2
May 15 11:48:24 paratha sshd[5966]: Illegal user master from 195.239.164.214
May 15 11:48:24 paratha sshd[5966]: Failed password for illegal user master from 195.239.164.214 port 57983 ssh2
May 15 11:48:26 paratha sshd[5968]: Failed password for apache from 195.239.164.214 port 58002 ssh2
May 15 11:48:28 paratha sshd[5970]: Failed password for root from 195.239.164.214 port 58019 ssh2
May 15 11:48:29 paratha sshd[5972]: Failed password for root from 195.239.164.214 port 58039 ssh2
May 15 11:48:31 paratha sshd[5974]: Failed password for root from 195.239.164.214 port 58057 ssh2
May 15 11:48:33 paratha sshd[5976]: Failed password for root from 195.239.164.214 port 58078 ssh2
May 15 11:48:34 paratha sshd[5978]: Failed password for root from 195.239.164.214 port 58093 ssh2
May 15 11:48:36 paratha sshd[5980]: Failed password for root from 195.239.164.214 port 58113 ssh2
May 15 11:48:38 paratha sshd[5982]: Failed password for root from 195.239.164.214 port 58129 ssh2
May 15 11:48:39 paratha sshd[5984]: Failed password for admin from 195.239.164.214 port 58148 ssh2
May 15 11:48:41 paratha sshd[5986]: Failed password for admin from 195.239.164.214 port 58165 ssh2
May 15 11:48:43 paratha sshd[5988]: Failed password for admin from 195.239.164.214 port 58181 ssh2
May 15 11:48:44 paratha sshd[5990]: Failed password for admin from 195.239.164.214 port 58201 ssh2
May 15 11:48:46 paratha sshd[5992]: Failed password for root from 195.239.164.214 port 58219 ssh2
May 15 11:48:47 paratha sshd[5994]: Failed password for root from 195.239.164.214 port 58233 ssh2
May 15 11:48:49 paratha sshd[5996]: Illegal user test from 195.239.164.214
May 15 11:48:49 paratha sshd[5996]: Failed password for illegal user test from 195.239.164.214 port 58254 ssh2
May 15 11:48:49 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=57681 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:51 paratha sshd[5998]: Illegal user test from 195.239.164.214
May 15 11:48:51 paratha sshd[5998]: Failed password for illegal user test from 195.239.164.214 port 58269 ssh2
May 15 11:48:52 paratha sshd[6000]: Illegal user webmaster from 195.239.164.214
May 15 11:48:52 paratha sshd[6000]: Failed password for illegal user webmaster from 195.239.164.214 port 58286 ssh2
May 15 11:48:52 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=57831 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:54 paratha sshd[6002]: Illegal user user from 195.239.164.214
May 15 11:48:54 paratha sshd[6002]: Failed password for illegal user user from 195.239.164.214 port 58304 ssh2
May 15 11:48:56 paratha sshd[6004]: Illegal user username from 195.239.164.214
May 15 11:48:56 paratha sshd[6004]: Failed password for illegal user username from 195.239.164.214 port 58325 ssh2
May 15 11:48:57 paratha sshd[6006]: Illegal user username from 195.239.164.214
May 15 11:48:57 paratha sshd[6006]: Failed password for illegal user username from 195.239.164.214 port 58343 ssh2
May 15 11:48:58 paratha kernel: denylog:IN=eth1 OUT= MAC=00:90:27:12:12:f1:00:09:12:80:04:70:08:00 SRC=221.159.214.138 DST=81.106.190.208 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=58133 DF PROTO=TCP SPT=1766 DPT=4899 WINDOW=16384 RES=0x00 SYN URGP=0
May 15 11:48:59 paratha sshd[6008]: Illegal user user from 195.239.164.214
May 15 11:48:59 paratha sshd[6008]: Failed password for illegal user user from 195.239.164.214 port 58358 ssh2
May 15 11:49:01 paratha sshd[6010]: Failed password for root from 195.239.164.214 port 58374 ssh2
May 15 11:49:02 paratha sshd[6012]: Failed password for admin from 195.239.164.214 port 58392 ssh2
May 15 11:49:04 paratha sshd[6014]: Illegal user test from 195.239.164.214
May 15 11:49:04 paratha sshd[6014]: Failed password for illegal user test from 195.239.164.214 port 58410 ssh2
May 15 11:49:05 paratha sshd[6016]: Failed password for root from 195.239.164.214 port 58427 ssh2
May 15 11:49:07 paratha sshd[6018]: Failed password for root from 195.239.164.214 port 58445 ssh2
May 15 11:49:09 paratha sshd[6020]: Failed password for root from 195.239.164.214 port 58462 ssh2
May 15 11:49:10 paratha sshd[6022]: Failed password for root from 195.239.164.214 port 58479 ssh2
May 15 11:49:12 paratha sshd[6024]: Illegal user danny from 195.239.164.214
May 15 11:49:12 paratha sshd[6024]: Failed password for illegal user danny from 195.239.164.214 port 58500 ssh2
May 15 11:49:16 paratha sshd[6026]: Illegal user sharon from 195.239.164.214
May 15 11:49:16 paratha sshd[6026]: Failed password for illegal user sharon from 195.239.164.214 port 58516 ssh2
May 15 11:49:18 paratha sshd[6028]: Illegal user aron from 195.239.164.214
May 15 11:49:18 paratha sshd[6028]: Failed password for illegal user aron from 195.239.164.214 port 58564 ssh2
May 15 11:49:20 paratha sshd[6030]: Illegal user alex from 195.239.164.214
May 15 11:49:20 paratha sshd[6030]: Failed password for illegal user alex from 195.239.164.214 port 58580 ssh2
May 15 11:49:21 paratha sshd[6032]: Illegal user brett from 195.239.164.214
May 15 11:49:21 paratha sshd[6032]: Failed password for illegal user brett from 195.239.164.214 port 58600 ssh2
May 15 11:49:23 paratha sshd[6035]: Illegal user mike from 195.239.164.214
May 15 11:49:23 paratha sshd[6035]: Failed password for illegal user mike from 195.239.164.214 port 58617 ssh2
May 15 11:49:25 paratha sshd[6037]: Illegal user alan from 195.239.164.214
May 15 11:49:25 paratha sshd[6037]: Failed password for illegal user alan from 195.239.164.214 port 58635 ssh2
May 15 11:49:26 paratha sshd[6039]: Illegal user data from 195.239.164.214
May 15 11:49:26 paratha sshd[6039]: Failed password for illegal user data from 195.239.164.214 port 58655 ssh2
May 15 11:49:28 paratha sshd[6041]: Illegal user www-data from 195.239.164.214
May 15 11:49:28 paratha sshd[6041]: Failed password for illegal user www-data from 195.239.164.214 port 58671 ssh2
May 15 11:49:30 paratha sshd[6043]: Illegal user http from 195.239.164.214
May 15 11:49:30 paratha sshd[6043]: Failed password for illegal user http from 195.239.164.214 port 58687 ssh2
May 15 11:49:31 paratha sshd[6045]: Illegal user httpd from 195.239.164.214
May 15 11:49:31 paratha sshd[6045]: Failed password for illegal user httpd from 195.239.164.214 port 58706 ssh2
May 15 11:49:33 paratha sshd[6047]: Failed password for nobody from 195.239.164.214 port 58723 ssh2
May 15 11:49:35 paratha sshd[6049]: Failed password for root from 195.239.164.214 port 58742 ssh2
May 15 11:49:36 paratha sshd[6051]: Illegal user backup from 195.239.164.214
May 15 11:49:36 paratha sshd[6051]: Failed password for illegal user backup from 195.239.164.214 port 58759 ssh2
May 15 11:49:38 paratha sshd[6053]: Illegal user info from 195.239.164.214
May 15 11:49:38 paratha sshd[6053]: Failed password for illegal user info from 195.239.164.214 port 58777 ssh2
May 15 11:49:40 paratha sshd[6055]: Illegal user shop from 195.239.164.214
May 15 11:49:40 paratha sshd[6055]: Failed password for illegal user shop from 195.239.164.214 port 58800 ssh2
May 15 11:49:41 paratha sshd[6057]: Illegal user sales from 195.239.164.214
May 15 11:49:41 paratha sshd[6057]: Failed password for illegal user sales from 195.239.164.214 port 58815 ssh2
May 15 11:49:43 paratha sshd[6059]: Illegal user web from 195.239.164.214
May 15 11:49:43 paratha sshd[6059]: Failed password for illegal user web from 195.239.164.214 port 58831 ssh2
May 15 11:49:45 paratha sshd[6061]: Failed password for www from 195.239.164.214 port 58848 ssh2
May 15 11:49:46 paratha sshd[6063]: Illegal user wwwrun from 195.239.164.214
May 15 11:49:46 paratha sshd[6063]: Failed password for illegal user wwwrun from 195.239.164.214 port 58868 ssh2
May 15 11:49:48 paratha sshd[6065]: Illegal user adam from 195.239.164.214
May 15 11:49:48 paratha sshd[6065]: Failed password for illegal user adam from 195.239.164.214 port 58885 ssh2
May 15 11:49:49 paratha sshd[6067]: Illegal user stephen from 195.239.164.214
May 15 11:49:49 paratha sshd[6067]: Failed password for illegal user stephen from 195.239.164.214 port 58902 ssh2
May 15 11:49:51 paratha sshd[6069]: Illegal user richard from 195.239.164.214
May 15 11:49:51 paratha sshd[6069]: Failed password for illegal user richard from 195.239.164.214 port 58922 ssh2
May 15 11:49:53 paratha sshd[6072]: Illegal user george from 195.239.164.214
May 15 11:49:53 paratha sshd[6072]: Failed password for illegal user george from 195.239.164.214 port 58940 ssh2
May 15 11:49:55 paratha sshd[6074]: Illegal user michael from 195.239.164.214
May 15 11:49:55 paratha sshd[6074]: Failed password for illegal user michael from 195.239.164.214 port 58959 ssh2
May 15 11:49:56 paratha sshd[6076]: Illegal user john from 195.239.164.214
May 15 11:49:56 paratha sshd[6076]: Failed password for illegal user john from 195.239.164.214 port 58983 ssh2
May 15 11:49:58 paratha sshd[6078]: Illegal user david from 195.239.164.214
May 15 11:49:58 paratha sshd[6078]: Failed password for illegal user david from 195.239.164.214 port 59001 ssh2
May 15 11:50:00 paratha sshd[6080]: Illegal user paul from 195.239.164.214
May 15 11:50:00 paratha sshd[6080]: Failed password for illegal user paul from 195.239.164.214 port 59019 ssh2
May 15 11:50:01 paratha sshd[6082]: Failed password for news from 195.239.164.214 port 59035 ssh2
May 15 11:50:03 paratha sshd[6084]: Illegal user angel from 195.239.164.214
May 15 11:50:03 paratha sshd[6084]: Failed password for illegal user angel from 195.239.164.214 port 59052 ssh2
May 15 11:50:04 paratha sshd[6086]: Failed password for games from 195.239.164.214 port 59073 ssh2
May 15 11:50:06 paratha sshd[6088]: Illegal user pgsql from 195.239.164.214
May 15 11:50:06 paratha sshd[6088]: Failed password for illegal user pgsql from 195.239.164.214 port 59088 ssh2
May 15 11:50:08 paratha sshd[6090]: Illegal user pgsql from 195.239.164.214
May 15 11:50:08 paratha sshd[6090]: Failed password for illegal user pgsql from 195.239.164.214 port 59108 ssh2
May 15 11:50:13 paratha sshd[6092]: Failed password for mail from 195.239.164.214 port 59132 ssh2
May 15 11:50:15 paratha sshd[6094]: Failed password for adm from 195.239.164.214 port 59180 ssh2
May 15 11:50:16 paratha sshd[6096]: Illegal user ident from 195.239.164.214
May 15 11:50:16 paratha sshd[6096]: Failed password for illegal user ident from 195.239.164.214 port 59203 ssh2
May 15 11:50:18 paratha sshd[6098]: Illegal user resin from 195.239.164.214
May 15 11:50:18 paratha sshd[6098]: Failed password for illegal user resin from 195.239.164.214 port 59220 ssh2
May 15 11:50:20 paratha sshd[6100]: Illegal user mikael from 195.239.164.214
May 15 11:50:20 paratha sshd[6100]: Failed password for illegal user mikael from 195.239.164.214 port 59242 ssh2
May 15 11:50:21 paratha sshd[6102]: Illegal user mike from 195.239.164.214
May 15 11:50:21 paratha sshd[6102]: Failed password for illegal user mike from 195.239.164.214 port 59260 ssh2
May 15 11:50:23 paratha sshd[6104]: Illegal user suva from 195.239.164.214
May 15 11:50:23 paratha sshd[6104]: Failed password for illegal user suva from 195.239.164.214 port 59275 ssh2
May 15 11:50:25 paratha sshd[6106]: Illegal user webpop from 195.239.164.214
May 15 11:50:25 paratha sshd[6106]: Failed password for illegal user webpop from 195.239.164.214 port 59292 ssh2
May 15 11:50:26 paratha sshd[6108]: Illegal user technicom from 195.239.164.214
May 15 11:50:26 paratha sshd[6108]: Failed password for illegal user technicom from 195.239.164.214 port 59310 ssh2
May 15 11:50:28 paratha sshd[6110]: Illegal user susan from 195.239.164.214
May 15 11:50:28 paratha sshd[6110]: Failed password for illegal user susan from 195.239.164.214 port 59328 ssh2
May 15 11:50:29 paratha sshd[6112]: Illegal user sunsun from 195.239.164.214
May 15 11:50:29 paratha sshd[6112]: Failed password for illegal user sunsun from 195.239.164.214 port 59345 ssh2
May 15 11:50:31 paratha sshd[6114]: Illegal user sunny from 195.239.164.214
May 15 11:50:31 paratha sshd[6114]: Failed password for illegal user sunny from 195.239.164.214 port 59365 ssh2
May 15 11:50:33 paratha sshd[6116]: Illegal user steven from 195.239.164.214
May 15 11:50:33 paratha sshd[6116]: Failed password for illegal user steven from 195.239.164.214 port 59384 ssh2
May 15 11:50:34 paratha sshd[6118]: Illegal user ssh from 195.239.164.214
May 15 11:50:34 paratha sshd[6118]: Failed password for illegal user ssh from 195.239.164.214 port 59400 ssh2
May 15 11:50:36 paratha sshd[6120]: Illegal user search from 195.239.164.214
May 15 11:50:36 paratha sshd[6120]: Failed password for illegal user search from 195.239.164.214 port 59420 ssh2
May 15 11:50:38 paratha sshd[6122]: Illegal user sara from 195.239.164.214
May 15 11:50:38 paratha sshd[6122]: Failed password for illegal user sara from 195.239.164.214 port 59438 ssh2
May 15 11:50:39 paratha sshd[6124]: Illegal user robert from 195.239.164.214
May 15 11:50:39 paratha sshd[6124]: Failed password for illegal user robert from 195.239.164.214 port 59453 ssh2
May 15 11:50:41 paratha sshd[6126]: Illegal user richard from 195.239.164.214
May 15 11:50:41 paratha sshd[6126]: Failed password for illegal user richard from 195.239.164.214 port 59473 ssh2
May 15 11:50:42 paratha sshd[6128]: Illegal user postmaster from 195.239.164.214
May 15 11:50:42 paratha sshd[6128]: Failed password for illegal user postmaster from 195.239.164.214 port 59489 ssh2
May 15 11:50:44 paratha sshd[6130]: Illegal user party from 195.239.164.214
May 15 11:50:44 paratha sshd[6130]: Failed password for illegal user party from 195.239.164.214 port 59511 ssh2
May 15 11:50:46 paratha sshd[6132]: Illegal user michael from 195.239.164.214
May 15 11:50:46 paratha sshd[6132]: Failed password for illegal user michael from 195.239.164.214 port 59529 ssh2
May 15 11:50:47 paratha sshd[6134]: Illegal user amanda from 195.239.164.214
May 15 11:50:47 paratha sshd[6134]: Failed password for illegal user amanda from 195.239.164.214 port 59544 ssh2
May 15 11:50:49 paratha sshd[6136]: Failed password for mysql from 195.239.164.214 port 59561 ssh2
May 15 11:50:51 paratha sshd[6138]: Failed password for rpm from 195.239.164.214 port 59579 ssh2
May 15 11:50:52 paratha sshd[6140]: Failed password for operator from 195.239.164.214 port 59592 ssh2
May 15 11:50:54 paratha sshd[6142]: Illegal user sgi from 195.239.164.214
May 15 11:50:54 paratha sshd[6142]: Failed password for illegal user sgi from 195.239.164.214 port 59603 ssh2
May 15 11:50:55 paratha sshd[6144]: Illegal user Aaliyah from 195.239.164.214
May 15 11:50:55 paratha sshd[6144]: Failed password for illegal user Aaliyah from 195.239.164.214 port 59619 ssh2
May 15 11:50:57 paratha sshd[6146]: Illegal user Aaron from 195.239.164.214
May 15 11:50:57 paratha sshd[6146]: Failed password for illegal user Aaron from 195.239.164.214 port 59630 ssh2
May 15 11:50:58 paratha sshd[6148]: Illegal user Aba from 195.239.164.214
May 15 11:50:58 paratha sshd[6148]: Failed password for illegal user Aba from 195.239.164.214 port 59639 ssh2
May 15 11:51:00 paratha sshd[6150]: Illegal user Abel from 195.239.164.214
May 15 11:51:00 paratha sshd[6150]: Failed password for illegal user Abel from 195.239.164.214 port 59653 ssh2
May 15 11:51:01 paratha sshd[6152]: Illegal user Jewel from 195.239.164.214
May 15 11:51:01 paratha sshd[6152]: Failed password for illegal user Jewel from 195.239.164.214 port 59661 ssh2
May 15 11:51:03 paratha sshd[6154]: Failed password for sshd from 195.239.164.214 port 59671 ssh2
May 15 11:51:04 paratha sshd[6156]: Illegal user users from 195.239.164.214
May 15 11:51:04 paratha sshd[6156]: Failed password for illegal user users from 195.239.164.214 port 59682 ssh2
May 15 11:51:06 paratha sshd[6158]: Illegal user admins from 195.239.164.214
May 15 11:51:06 paratha sshd[6158]: Failed password for illegal user admins from 195.239.164.214 port 59691 ssh2
May 15 11:51:07 paratha sshd[6160]: Illegal user admins from 195.239.164.214
May 15 11:51:08 paratha sshd[6160]: Failed password for illegal user admins from 195.239.164.214 port 59700 ssh2

Postby M0PHP » Sun May 15, 2005 4:18 pm

It looks as if someone is trying to gain access via brute force to the server using ssh from someone at IP 195.239.164.214.

Postby smita034 » Mon May 16, 2005 7:50 am

Yea, just use IPTables to ban the IP. If this happens a lot you could try APF and BFD (iirc SME is based off of Red Hat/Fedora so it should work, but I have not tested it on SME, though I do use it on my company's servers and have had no problems, just use at your own risk and all that ;) )
http://www.rfxnetworks.com/apf.php <-- Advanced Policy Firewall
http://www.rfxnetworks.com/bfd.php <-- Brute Force Detection

BFD will see that sort of thing happening, automatically ban the IP and then email you to tell you. Very handy :)

Hope that helps
Alex A. Smith
99% of all computer problems occur between the chair and keyboard
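
Added example (not part of the thread, and not BFD's own code): a minimal Python sketch of the kind of check the replies describe, counting sshd "Failed password" lines per source address in a sliding window and producing an iptables rule for any source over the threshold. The function names, the threshold of 5 failures in 60 seconds, and the 192.0.2.10 log line are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# 195.239.164.214 lines are copied from the log above; the 192.0.2.10 line is constructed.
SAMPLE_LOG = """\
May 15 09:02:11 paratha sshd[4100]: Failed password for alice from 192.0.2.10 port 40112 ssh2
May 15 11:49:33 paratha sshd[6047]: Failed password for nobody from 195.239.164.214 port 58723 ssh2
May 15 11:49:35 paratha sshd[6049]: Failed password for root from 195.239.164.214 port 58742 ssh2
May 15 11:49:36 paratha sshd[6051]: Illegal user backup from 195.239.164.214
May 15 11:49:36 paratha sshd[6051]: Failed password for illegal user backup from 195.239.164.214 port 58759 ssh2
May 15 11:49:38 paratha sshd[6053]: Failed password for illegal user info from 195.239.164.214 port 58777 ssh2
May 15 11:49:40 paratha sshd[6055]: Failed password for illegal user shop from 195.239.164.214 port 58800 ssh2
"""

# Greedy (.+) binds to the last " from <ip> port", so a crafted username cannot shift the blame.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:(?:illegal|invalid) user )?(.+) from (\S+) port \d+ ssh2\s*$")

def parse_failures(text, year=2005):
    """Return (time, ip, user) per 'Failed password' line; syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(3), m.group(2)))
    return events

def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Map each IP with >= threshold failures inside any window to the users it tried."""
    by_ip = defaultdict(list)
    for ts, ip, user in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, hits in by_ip.items():
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in hits})
                break
    return flagged

def block_rule(ip):
    """iptables command for a flagged source; raises ValueError if ip is not an address."""
    return f"iptables -I INPUT -s {ipaddress.ip_address(ip)} -j DROP"
```

Only the "Failed password" lines are counted, because each attempt against a non-existent account also logs an "Illegal user" line and would otherwise be counted twice.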

