[NCUC E-team] Server under attack

Tapani Tarvainen ncuc at tapani.tarvainen.info
Thu Oct 16 14:40:28 CEST 2014

It looks like ncuc1 is presently under ssh dictionary
attack, authlog is full of stuff like this:

Oct 16 14:27:30 ncuc1 sshd[30041]: Failed password for root from port 2955 ssh2

The attack won't succeed, root password logins have been
disabled since the beginning, but if it intensifies
it may slow things down (and it may be something like
that caused the overload last week, too).
It probably isn't particularly directed at us, looks
more like a script kiddie scanning everything in sight.

For the curious, that IP address is in China.
If somebody feels like contacting their ISP,
whois gives good-looking contact info.

Otherwise, I guess it might be a good idea to tighten
the box a bit.

Tapani Tarvainen
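
An added example, not part of the original message: one way to summarise sshd "Failed password" lines like the one quoted above by source address and flag bursts. The sample lines are constructed (the archived line has no source address, so documentation-range addresses are used), and the 60-second window and threshold of 5 are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Matches: "Oct 16 14:27:30 host sshd[pid]: Failed password for [invalid user] NAME from ADDR port N ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log lines (addresses from RFC 5737 documentation ranges).
SAMPLE = [
    f"Oct 16 14:27:{30 + 2 * i:02d} ncuc1 sshd[{30041 + i}]: "
    f"Failed password for root from 203.0.113.7 port {2955 + i} ssh2"
    for i in range(6)
] + [
    "Oct 16 14:28:05 ncuc1 sshd[30050]: Failed password for invalid user admin from 203.0.113.7 port 2990 ssh2",
    "Oct 16 14:29:10 ncuc1 sshd[30051]: Failed password for alice from 198.51.100.20 port 40112 ssh2",
    "Oct 16 14:30:00 ncuc1 sshd[30052]: Accepted publickey for bob from 198.51.100.20 port 40113 ssh2",
]

def parse(lines, year):
    """Return (timestamp, source, user) for each failed-password line; syslog omits the year."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["user"]))
    return events

def burst_sources(events, window=timedelta(seconds=60), threshold=5):
    """Map each source to its peak failure count inside any sliding window, if >= threshold."""
    by_src = defaultdict(list)
    for ts, src, _ in events:
        by_src[src].append(ts)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # drop attempts that fell out of the window
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def targeted_users(events):
    """Count which account names the failed attempts were aimed at."""
    return Counter(user for _, _, user in events)
```
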

