Saturday, September 24, 2005

Dang Script Kiddies

Seriously, who does this kind of thing? I guess it's what I get for publishing a DNS handle to my IP address and forwarding port 22.

Well, no matter. Bring it on, I say. I'll have to start banning IP's. At least then they'll have to write a real script.

2 comments:

  1. What are script kiddies? And who are those people whose names are listed above? And what did they do?

  2. Definition of a script kiddie.

    The "people" listed above are not people at all. Notice that they come one at a time from the same IP address, then stop, then continue later from a different address.

    Someone out there has a script that tries to log in to hosts whose addresses are scraped off of web pages. They cycle through a dictionary of names in hopes that one of them has an easy-to-guess password (such as the name itself, "password", or my hostname). If the script successfully logs in, it might try to do a number of things, such as take a guess at my root password and try to compromise my kernel, run itself on my box and carry out more such attacks on others, or try to delete files or use up disk space, etc.

    It's mostly an annoyance, because my ssh settings only allow one user to log in from outside the local network, and that user (and the root account) has a strong password.

    Here's more such fun:
    Jan 17 01:00:08 [sshd] Invalid user mary from 200.30.146.19
    Jan 17 01:00:08 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:12 [sshd] Invalid user mary from 200.30.146.19
    Jan 17 01:00:12 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:17 [sshd] Invalid user mary from 200.30.146.19
    Jan 17 01:00:17 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:22 [sshd] Invalid user mary from 200.30.146.19
    Jan 17 01:00:22 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:27 [sshd] Invalid user mary from 200.30.146.19
    Jan 17 01:00:27 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:32 [sshd] Invalid user robin from 200.30.146.19
    Jan 17 01:00:32 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:37 [sshd] Invalid user robin from 200.30.146.19
    Jan 17 01:00:37 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:42 [sshd] Invalid user robin from 200.30.146.19
    Jan 17 01:00:42 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:47 [sshd] Invalid user robin from 200.30.146.19
    Jan 17 01:00:47 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:52 [sshd] Invalid user robin from 200.30.146.19
    Jan 17 01:00:52 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:00:57 [sshd] Invalid user robin from 200.30.146.19
    Jan 17 01:00:57 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:02 [sshd] Invalid user robin from 200.30.146.19
    Jan 17 01:01:02 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:06 [sshd] Invalid user freddy from 200.30.146.19
    Jan 17 01:01:07 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:11 [sshd] Invalid user freddy from 200.30.146.19
    Jan 17 01:01:12 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:16 [sshd] Invalid user freddy from 200.30.146.19
    Jan 17 01:01:16 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:21 [sshd] Invalid user freddy from 200.30.146.19
    Jan 17 01:01:21 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:26 [sshd] Invalid user freddy from 200.30.146.19
    Jan 17 01:01:26 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:31 [sshd] Invalid user freddy from 200.30.146.19
    Jan 17 01:01:31 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:36 [sshd] Invalid user jessie from 200.30.146.19
    Jan 17 01:01:36 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:41 [sshd] Invalid user jessie from 200.30.146.19
    Jan 17 01:01:41 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:45 [sshd] Invalid user jessie from 200.30.146.19
    Jan 17 01:01:46 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:50 [sshd] Invalid user jessie from 200.30.146.19
    Jan 17 01:01:51 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:01:55 [sshd] Invalid user jessie from 200.30.146.19
    Jan 17 01:01:55 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:00 [sshd] Invalid user jessie from 200.30.146.19
    Jan 17 01:02:00 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:05 [sshd] Invalid user marty from 200.30.146.19
    Jan 17 01:02:05 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:10 [sshd] Invalid user marty from 200.30.146.19
    Jan 17 01:02:10 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:14 [sshd] Invalid user marty from 200.30.146.19
    Jan 17 01:02:14 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:19 [sshd] Invalid user marty from 200.30.146.19
    Jan 17 01:02:19 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:24 [sshd] Invalid user marty from 200.30.146.19
    Jan 17 01:02:24 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:29 [sshd] Invalid user marty from 200.30.146.19
    Jan 17 01:02:29 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:34 [sshd] Invalid user marty from 200.30.146.19
    Jan 17 01:02:34 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:39 [sshd] Invalid user nancy from 200.30.146.19
    Jan 17 01:02:39 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:44 [sshd] Invalid user nancy from 200.30.146.19
    Jan 17 01:02:44 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:49 [sshd] Invalid user nancy from 200.30.146.19
    Jan 17 01:02:49 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:54 [sshd] Invalid user nancy from 200.30.146.19
    Jan 17 01:02:54 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:02:58 [sshd] Invalid user nancy from 200.30.146.19
    Jan 17 01:02:59 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:03 [sshd] Invalid user nancy from 200.30.146.19
    Jan 17 01:03:04 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:08 [sshd] Invalid user nancy from 200.30.146.19
    Jan 17 01:03:09 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:14 [sshd] Invalid user patricia from 200.30.146.19
    Jan 17 01:03:14 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:18 [sshd] Invalid user patricia from 200.30.146.19
    Jan 17 01:03:19 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:23 [sshd] Invalid user patricia from 200.30.146.19
    Jan 17 01:03:23 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:28 [sshd] Invalid user patricia from 200.30.146.19
    Jan 17 01:03:28 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:33 [sshd] Invalid user patricia from 200.30.146.19
    Jan 17 01:03:33 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:37 [sshd] Invalid user patricia from 200.30.146.19
    Jan 17 01:03:38 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:42 [sshd] Invalid user robert from 200.30.146.19
    Jan 17 01:03:43 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:47 [sshd] Invalid user robert from 200.30.146.19
    Jan 17 01:03:47 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:52 [sshd] Invalid user robert from 200.30.146.19
    Jan 17 01:03:53 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:03:57 [sshd] Invalid user robert from 200.30.146.19
    Jan 17 01:03:57 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:02 [sshd] Invalid user robert from 200.30.146.19
    Jan 17 01:04:02 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:07 [sshd] Invalid user robert from 200.30.146.19
    Jan 17 01:04:08 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:13 [sshd] Invalid user sabrina from 200.30.146.19
    Jan 17 01:04:13 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:19 [sshd] Invalid user sabrina from 200.30.146.19
    Jan 17 01:04:20 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:25 [sshd] Invalid user sabrina from 200.30.146.19
    Jan 17 01:04:26 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:31 [sshd] Invalid user sabrina from 200.30.146.19
    Jan 17 01:04:32 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:37 [sshd] Invalid user sabrina from 200.30.146.19
    Jan 17 01:04:37 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:43 [sshd] Invalid user sabrina from 200.30.146.19
    Jan 17 01:04:44 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:49 [sshd] Invalid user adrian from 200.30.146.19
    Jan 17 01:04:49 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:04:55 [sshd] Invalid user adrian from 200.30.146.19
    Jan 17 01:04:55 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:01 [sshd] Invalid user adrian from 200.30.146.19
    Jan 17 01:05:02 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:07 [sshd] Invalid user adrian from 200.30.146.19
    Jan 17 01:05:08 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:14 [sshd] Invalid user adrian from 200.30.146.19
    Jan 17 01:05:14 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:19 [sshd] Invalid user adrian from 200.30.146.19
    Jan 17 01:05:20 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:25 [sshd] Invalid user adam from 200.30.146.19
    Jan 17 01:05:25 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:31 [sshd] Invalid user adam from 200.30.146.19
    Jan 17 01:05:32 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:37 [sshd] Invalid user adam from 200.30.146.19
    Jan 17 01:05:38 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:43 [sshd] Invalid user adam from 200.30.146.19
    Jan 17 01:05:43 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:49 [sshd] Invalid user adam from 200.30.146.19
    Jan 17 01:05:50 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:05:55 [sshd] Invalid user adam from 200.30.146.19
    Jan 17 01:05:56 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:06:01 [sshd] Invalid user adam from 200.30.146.19
    Jan 17 01:06:01 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:06:07 [sshd] Invalid user carol from 200.30.146.19
    Jan 17 01:06:07 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:06:13 [sshd] Invalid user carol from 200.30.146.19
    Jan 17 01:06:14 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:06:19 [sshd] Invalid user carol from 200.30.146.19
    Jan 17 01:06:19 [sshd] reverse mapping checking getaddrinfo for mail.frutasmayas.com failed - POSSIBLE BREAKIN ATTEMPT!
    Jan 17 01:06:25 [sshd] Invalid user carol from 200.30.146.19

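The pattern described in the second comment, one source address cycling through a dictionary of user names, can be picked out of an sshd log mechanically. The following is an added example, not part of the original post or its comments: the sample log lines are constructed (documentation addresses only), and the function names and thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the same format as the log quoted above;
# the addresses are documentation ranges, not real sources.
SAMPLE_LOG = """\
Jan 17 01:00:08 [sshd] Invalid user mary from 192.0.2.10
Jan 17 01:00:08 [sshd] reverse mapping checking getaddrinfo for host.example failed - POSSIBLE BREAKIN ATTEMPT!
Jan 17 01:00:12 [sshd] Invalid user mary from 192.0.2.10
Jan 17 01:00:17 [sshd] Invalid user robin from 192.0.2.10
Jan 17 01:00:22 [sshd] Invalid user freddy from 192.0.2.10
Jan 17 02:00:00 [sshd] Invalid user alice from 203.0.113.5
Jan 17 05:00:00 [sshd] Invalid user bob from 203.0.113.5
Jan 17 08:00:00 [sshd] Invalid user carol from 203.0.113.5
Jan 17 09:14:03 [sshd] Invalid user bob from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \[sshd\] "
    r"Invalid user (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse(log_text):
    """Return {ip: [(timestamp, user), ...]} for the 'Invalid user' lines."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # other sshd messages, e.g. reverse-mapping warnings, are skipped
            # syslog timestamps carry no year; a fixed one is prepended for parsing
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    return dict(events)

def ban_candidates(log_text, min_users=3, window=timedelta(minutes=10)):
    """Source IPs that tried >= min_users distinct names inside any one window."""
    flagged = []
    for ip, evs in parse(log_text).items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            names = {u for t, u in evs[i:] if t - start <= window}
            if len(names) >= min_users:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print("candidates for a firewall ban:", ban_candidates(SAMPLE_LOG))
```

Counting distinct user names rather than raw failures keeps a legitimate user who mistypes a password a few times out of the result.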