
What is that?


chiuhong

Technical User
Jun 28, 2000
26
HK
Hi,
Does anyone know what that is? I found it in /var/log/secure:

Sep 14 20:25:34 ms1 sshd[9296]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:25:36 ms1 sshd[9296]: Failed password for uucp from ::ffff:203.199.92.156 port 56867 ssh2
Sep 14 20:25:38 ms1 sshd[9298]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:25:40 ms1 sshd[9298]: Failed password for operator from ::ffff:203.199.92.156 port 56974 ssh2
Sep 14 20:25:41 ms1 sshd[9300]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:25:44 ms1 sshd[9300]: Failed password for vcsa from ::ffff:203.199.92.156 port 57078 ssh2
Sep 14 20:25:45 ms1 sshd[9302]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:25:47 ms1 sshd[9302]: Failed password for nscd from ::ffff:203.199.92.156 port 57172 ssh2
Sep 14 20:25:48 ms1 sshd[9304]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:25:51 ms1 sshd[9304]: Failed password for ident from ::ffff:203.199.92.156 port 57278 ssh2
Sep 14 20:25:52 ms1 sshd[9306]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:25:54 ms1 sshd[9306]: Failed password for rpcuser from ::ffff:203.199.92.156 port 57389 ssh2
Sep 14 20:25:55 ms1 sshd[9308]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:25:58 ms1 sshd[9308]: Failed password for nfsnobody from ::ffff:203.199.92.156 port 57491 ssh2
Sep 14 20:25:59 ms1 sshd[9310]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:01 ms1 sshd[9310]: Failed password for mailnull from ::ffff:203.199.92.156 port 57586 ssh2
Sep 14 20:26:02 ms1 sshd[9312]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:05 ms1 sshd[9312]: Failed password for smmsp from ::ffff:203.199.92.156 port 57687 ssh2
Sep 14 20:26:06 ms1 sshd[9314]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:08 ms1 sshd[9314]: Failed password for pcap from ::ffff:203.199.92.156 port 57790 ssh2
Sep 14 20:26:09 ms1 sshd[9316]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:12 ms1 sshd[9316]: Failed password for apache from ::ffff:203.199.92.156 port 57889 ssh2
Sep 14 20:26:13 ms1 sshd[9318]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:15 ms1 sshd[9318]: Failed password for squid from ::ffff:203.199.92.156 port 57993 ssh2
Sep 14 20:26:16 ms1 sshd[9320]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:19 ms1 sshd[9320]: Failed password for webalizer from ::ffff:203.199.92.156 port 58087 ssh2
Sep 14 20:26:20 ms1 sshd[9322]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:22 ms1 sshd[9322]: Failed password for dbus from ::ffff:203.199.92.156 port 58187 ssh2
Sep 14 20:26:23 ms1 sshd[9324]: Invalid user desktop from ::ffff:203.199.92.156
Sep 14 20:26:23 ms1 sshd[9324]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:26 ms1 sshd[9324]: Failed password for invalid user desktop from ::ffff:203.199.92.156 port 58279 ssh2
Sep 14 20:26:27 ms1 sshd[9327]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:29 ms1 sshd[9327]: Failed password for gdm from ::ffff:203.199.92.156 port 58373 ssh2
Sep 14 20:26:30 ms1 sshd[9329]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:33 ms1 sshd[9329]: Failed password for pvm from ::ffff:203.199.92.156 port 58474 ssh2
Sep 14 20:26:34 ms1 sshd[9331]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:36 ms1 sshd[9331]: Failed password for canna from ::ffff:203.199.92.156 port 58565 ssh2
Sep 14 20:26:38 ms1 sshd[9333]: reverse mapping checking getaddrinfo for 203.199.92.156.static.vsnl.net.in failed - POSSIBLE BREAKIN ATTEMPT!
Sep 14 20:26:40 ms1 sshd[9333]: Failed password for wnn from ::ffff:203.199.92.156 port 58688 ssh2
 


Tracing route to 203.199.92.156.static.vsnl.net.in [203.199.92.156]
over a maximum of 30 hops:

1 26 ms 31 ms 29 ms pcd-hhm19-2-rx.netvigator.com [218.102.174.254]
2 33 ms 36 ms 26 ms n219076097182.netvigator.com [219.76.97.182]
3 27 ms 23 ms 38 ms pcd507222.netvigator.com [218.102.39.222]
4 23 ms 31 ms 23 ms unknown.net.reach.com [134.159.100.129]
5 23 ms 23 ms 27 ms i-4-3.wwh-dist01.net.reach.com [202.84.155.22]
6 34 ms 26 ms 26 ms unknown.net.reach.com [202.84.155.145]
7 32 ms 25 ms 30 ms i-6-6.hht-dist01.net.reach.com [202.84.154.105]
8 31 ms 38 ms 38 ms unknown.net.reach.com [202.84.154.130]
9 34 ms 28 ms 36 ms unknown.net.reach.com [134.159.128.42]
10 118 ms 160 ms 122 ms 219.64.254.145.mpls-vpn-ibb.static.vsnl.net.in [219.64.254.145]
11 129 ms 130 ms 122 ms vsb-cr1.amu1.Bbone.vsnl.net.in [202.54.2.238]
12 118 ms 119 ms 120 ms lvsb-vsb-gig.Bbone.vsnl.net.in [202.54.2.21]
13 127 ms 130 ms 129 ms 203.197.33.132.static.vsnl.net.in [203.197.33.132]
14 126 ms 128 ms 326 ms 203.199.99.33.static.vsnl.net.in [203.199.99.33]
15 134 ms 129 ms 136 ms 203.199.92.156.static.vsnl.net.in [203.199.92.156]

Trace complete.
 
Looks to me like an IP that should be excluded using IPTables. Then again, I go with a "Default Deny" type policy... Only open up as much as needed. If I know who is using the system, on what ports, and where they will be using it from, I allow those trusted computers access to that port for that/those users ("for those users" only applies to services that have such configurations; IPTables doesn't care about users, just ports and IPs); everything else is blocked.

 
Thanks jstreich for your quick reply.
Seems someone is trying to hack our server, right?
 
I don't think there is a lot to worry about so far. All these have their shell set to /sbin/nologin, but to be on the safe side, do as jstreich suggests and have all access denied by default and only allow specific users or groups.
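
Added example, not part of any post in this thread: a short Python triage of sshd lines in the format quoted above, which separates a source cycling through account names from a user mistyping a password, then prints the default-deny SSH rules the replies recommend. The sample log, the addresses (documentation ranges), the `min_users` threshold and port 22 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the /var/log/secure format quoted in the thread
# (addresses are documentation ranges, not taken from the page).
SAMPLE = """\
Sep 14 20:25:36 ms1 sshd[9296]: Failed password for uucp from ::ffff:203.0.113.7 port 56867 ssh2
Sep 14 20:25:40 ms1 sshd[9298]: Failed password for operator from ::ffff:203.0.113.7 port 56974 ssh2
Sep 14 20:26:23 ms1 sshd[9324]: Invalid user desktop from ::ffff:203.0.113.7
Sep 14 20:26:26 ms1 sshd[9324]: Failed password for invalid user desktop from ::ffff:203.0.113.7 port 58279 ssh2
Sep 14 20:30:02 ms1 sshd[9400]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Sep 14 20:30:09 ms1 sshd[9400]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
"""

# Matches both "for <user>" and "for invalid user <user>"; strips the
# IPv4-mapped "::ffff:" prefix so one host is counted under one key.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?:::ffff:)?(?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source IP: failed attempts, usernames tried, nonexistent usernames."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["failures"] += 1
        s["users"].add(m["user"])
        if m["invalid"]:
            s["invalid"].add(m["user"])
    return dict(stats)

def guessing_sources(stats, min_users=3):
    """Sources that tried at least min_users account names (assumed threshold)."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

def ssh_default_deny(trusted_sources):
    """iptables commands: accept SSH (port 22 assumed) from trusted sources, drop the rest."""
    rules = [f"iptables -A INPUT -p tcp -s {src} --dport 22 -j ACCEPT"
             for src in trusted_sources]
    rules.append("iptables -A INPUT -p tcp --dport 22 -j DROP")
    return rules

if __name__ == "__main__":
    print(guessing_sources(summarize(SAMPLE)))
    print("\n".join(ssh_default_deny(["198.51.100.20"])))
```

The ACCEPT rules must precede the final DROP, since iptables evaluates a chain in order and stops at the first match.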



 