
#1 2019-07-01 16:33:23

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 20,594

Interesting Journal message resulting from intrusion attempt

I review my logs from time to time and there are always artifacts from intrusion attempts -- by the boatload; but I've never seen these two sshd messages before.  Anyone know what they are attempting?

Jul 01 07:21:35 odin sshd[17640]: error: connect_to d3alqb8vzo7fun.cloudfront.net: unknown host (No address associated with hostname)

and, several minutes later

Jul 01 07:49:57 odin sshd[21862]: error: kex_exchange_identification: Connection closed by remote host

In between those two, there were a couple of brute-force attempts on root, test and telly -- of course, all password logins are disallowed.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
The shortest way to ruin a country is to give power to demagogues.— Dionysius of Halicarnassus
---
How to Ask Questions the Smart Way


#2 2019-07-01 18:14:31

progandy
Member
Registered: 2012-05-17
Posts: 5,305

Re: Interesting Journal message resulting from intrusion attempt

The first sounds as if you have created an SSH (SOCKS?) proxy that will try to connect to any domain given to it. It so happens that this CloudFront address has no valid DNS record.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |
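
A way to pull these two message types out of saved journal output, as an added example that is not part of either post. It uses the two lines quoted in the thread plus constructed lines (marked as such); the optional `port N` wording is an assumption about how other connect_to failures are logged.

```python
import re
from collections import Counter

# journalctl short format: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Shapes of the two messages quoted in the thread. The optional "port N"
# part is an assumption about how other connect_to failures are worded.
FORWARD = re.compile(r"^error: connect_to (?P<dest>[^\s:]+)(?: port \d+)?: (?P<why>.+)$")
KEX = re.compile(r"^error: kex_exchange_identification: (?P<why>.+)$")

SAMPLE = [
    # The two lines from the thread:
    "Jul 01 07:21:35 odin sshd[17640]: error: connect_to d3alqb8vzo7fun.cloudfront.net: unknown host (No address associated with hostname)",
    "Jul 01 07:49:57 odin sshd[21862]: error: kex_exchange_identification: Connection closed by remote host",
    # Constructed lines (not from the thread):
    "Jul 01 07:30:02 odin sshd[18001]: Invalid user test from 203.0.113.7 port 51122",
    "Jul 01 07:52:10 odin sshd[21990]: error: connect_to host.example.invalid port 443: failed.",
    "Jul 01 07:52:11 odin sshd[21990]: error: connect_to host.example.invalid port 443: failed.",
]

def classify(lines):
    """Split sshd journal lines into forwarding failures, kex closes, and the rest."""
    forwards, kex, other = Counter(), [], 0
    for line in lines:
        m = LINE.match(line.strip())
        fwd = FORWARD.match(m["msg"]) if m else None
        closed = KEX.match(m["msg"]) if m else None
        if fwd:
            forwards[fwd["dest"]] += 1      # destination sshd was asked to reach
        elif closed:
            kex.append((m["ts"], m["pid"], closed["why"]))
        else:
            other += 1                       # unrelated or unparsable line
    return forwards, kex, other

if __name__ == "__main__":
    forwards, kex, other = classify(SAMPLE)
    for dest, n in forwards.most_common():
        print(f"forward target {dest}: {n} failed connect(s)")
    for ts, pid, why in kex:
        print(f"{ts} pid {pid}: closed before identification ({why})")
    print(f"{other} other line(s)")
```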
