Date:  Fri, 18 May 2007 19:29:20 +0100
From:  Everard Brown <bluequartz-mailing-list (at mark) brown-llabres.com>
Subject:  [coba-e:09893] Re: Is this a attack! "check pass; user unknown"
To:  coba-e (at mark) bluequartz.org
Message-Id:  <20070518192920.me060elqog8o0k4c (at mark) webhost01.perpetua.org.uk>
In-Reply-To:  <07d401c79975$d9742780$8c5c7680$@com>
References:  <0JI700IAML38U800 (at mark) mxout5.netvision.net.il>	<000201c79953$d9bbd750$0601a8c0 (at mark) systemax>	<07d401c79975$d9742780$8c5c7680$ (at mark) com>
X-Mail-Count: 09893

Tunc,

It looks like a dictionary attack...

You may want to consider installing something like 'DenyHosts' to help  
to reduce this - it works very well.

Everard

On Fri, 18 May 2007 18:56:16 +0100, TUNC ERESEN <tunc (at mark) eresen.com> wrote:
> Hi all
>
> May 18 18:42:30 ns3 PAM_pwdb[11102]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11081]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11082]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11100]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11120]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11121]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11122]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11103]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11105]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11101]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11104]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11124]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11106]: check pass; user unknown
> May 18 18:42:30 ns3 PAM_pwdb[11126]: check pass; user unknown
>
> Hot of the log..
>
> And What to do about it ? Girrr again.
>
> I am getting 10000's  of these  how can I kill or stop it. Or is it in a
> loop.

>
> Regards
>
> Tunc


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.