
#1 2019-07-01 16:33:23

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,346

Interesting Journal message resulting from intrusion attempt

I review my logs from time to time and there are always artifacts from intrusion attempts -- by the boatload; but I've never seen these two sshd messages before.  Anyone know what they are attempting?

Jul 01 07:21:35 odin sshd[17640]: error: connect_to d3alqb8vzo7fun.cloudfront.net: unknown host (No address associated with hostname)

and, several minutes later

Jul 01 07:49:57 odin sshd[21862]: error: kex_exchange_identification: Connection closed by remote host

In between those two, there were a couple of brute-force attempts on root, test and telly -- of course, all password logins are disallowed.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way


#2 2019-07-01 18:14:31

progandy
Member
Registered: 2012-05-17
Posts: 5,280

Re: Interesting Journal message resulting from intrusion attempt

The first sounds as if you have created an SSH (SOCKS?) proxy that will try to connect to any domain given to it. It so happens that this cloudfront address has no valid DNS record.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
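
A small triage script for the two sshd messages discussed in this thread, added here as an example and not posted by either participant. It parses journal lines in the format quoted above and pulls out the forwarding target. The field names, hint text and the third sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two sshd lines quoted in the thread, plus one
# made-up brute-force line (192.0.2.10 is a documentation address).
SAMPLE = """\
Jul 01 07:21:35 odin sshd[17640]: error: connect_to d3alqb8vzo7fun.cloudfront.net: unknown host (No address associated with hostname)
Jul 01 07:30:02 odin sshd[18811]: Invalid user test from 192.0.2.10 port 40022
Jul 01 07:49:57 odin sshd[21862]: error: kex_exchange_identification: Connection closed by remote host
"""

# journalctl short format: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sshd\[(\d+)\]: (.*)$")

# Only the two messages discussed in the thread are classified.
RULES = {
    "forward_unresolved": re.compile(r"^error: connect_to (\S+): unknown host"),
    "closed_before_banner": re.compile(
        r"^error: kex_exchange_identification: Connection closed by remote host"),
}
HINTS = {
    # Forwarding channels are opened inside an authenticated SSH session.
    "forward_unresolved": "a client session asked sshd to forward TCP to this "
        "name; find the account and review AllowTcpForwarding/PermitOpen (sshd -T)",
    "closed_before_banner": "peer closed the connection before sending its SSH "
        "version string; typical of port scans and probes",
}

def triage(text):
    """Return one finding per journal line that matches a rule."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _host, pid, msg = m.groups()
        for kind, rx in RULES.items():
            hit = rx.match(msg)
            if hit:
                target = hit.group(1) if hit.groups() else None
                findings.append({"time": ts, "pid": int(pid), "kind": kind,
                                 "target": target, "hint": HINTS[kind]})
    return findings

def forward_targets(findings):
    """Map each requested forwarding target to the sshd PIDs that logged it."""
    targets = defaultdict(list)
    for f in findings:
        if f["kind"] == "forward_unresolved":
            targets[f["target"]].append(f["pid"])
    return dict(targets)
```

Feed it real data with `triage(open("sshd.log").read())` after exporting the unit's journal to a file; the file name is a placeholder.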
