Article 9894 at 07/05/19 03:45:47 From: arturs (at mark) netvision.net.il Subject: [coba-e:09894] Re: Is this a attack! "check pass; user unknown"

Index: [Article Count Order] [Thread]
Date:  Fri, 18 May 2007 21:32:51 +0300
From:  Arthur Sherman <arturs (at mark) netvision.net.il>
Subject:  [coba-e:09894] Re: Is this a attack! "check pass; user unknown"
To:  coba-e (at mark) bluequartz.org
Message-Id:  <0JI900A9U2BP4D60 (at mark) mxout5.netvision.net.il>
In-Reply-To:  <07d401c79975$d9742780$8c5c7680$@com>
X-Mail-Count: 09894

i'd run 'netstat' with appropriate switches to check against new
connections.
it does seem to be an attack...
can you see the source IP of this? i wonder if it comes from inside...
 
do you have any kind of web app/mail firewall in place? ISP or dedicated, or
software?
if you do, do you have anti DDoS and such protection in place?
i wouldn't count on BQ to hold its ground against this kind of attack all by
itself.
and this is 99.99% of attacks coming to my server these days.
 
HTH



Best,

--
Arthur 

 


  _____  

From: TUNC ERESEN [mailto:tunc (at mark) eresen.com] 
Sent: Friday, May 18, 2007 8:56 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:09892] Is this a attack! "check pass; user unknown"



Hi all 

 

May 18 18:42:30 ns3 PAM_pwdb[11102]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11081]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11082]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11100]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11120]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11121]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11122]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11103]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11105]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11101]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11104]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11124]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11106]: check pass; user unknown

May 18 18:42:30 ns3 PAM_pwdb[11126]: check pass; user unknown

Hot of the log..

And What to do about it ? Girrr again.

I am getting 10000's  of these  how can I kill or stop it. Or is it in a
loop.

 

 

 

 

Regards 

Tunc 


	9894_2.html (attatchment)(tag is disabled)