<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>C'mon. It's a Christmas season, and this is a Hail Mary attack,
      reminding us all about a need to switch to using keys for login.<br>
    </p>
    <p><a class="moz-txt-link-freetext" href="https://security.stackexchange.com/questions/13559/why-was-the-hail-mary-cloud-named-so">https://security.stackexchange.com/questions/13559/why-was-the-hail-mary-cloud-named-so</a></p>
    <p>When I first freaked about this, my logs had incoming IPs from
      China. These ones are from Denmark, Germany, Japan. What can be
      common to all these developed countries? Maybe IKEA's IoT
      devices? :)<br>
    </p>
    <div class="moz-cite-prefix">On 2019-12-29 11:06 a.m., Khalid
      Baheyeldin wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CA+TuoW2y0KtSuDxzk8X+GAugPfojCUV+rANVkOvmq=Y=dzxBgA@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div>Here is an example from the scary internet ... <br>
        </div>
        <div><br>
        </div>
        <div>From today's logs of a server I manage (via logwatch):</div>
        <div><br>
        </div>
        <div> Failed logins from:<br>
              <a href="http://92.246.17.5" target="_blank"
            moz-do-not-send="true">92.246.17.5</a>: 1 time<br>
              95.88.219.197 (<a
            href="http://ip5f58dbc5.dynamic.kabel-deutschland.de"
            target="_blank" moz-do-not-send="true">ip5f58dbc5.dynamic.kabel-deutschland.de</a>):
          1 time<br>
              153.126.166.203 (<a
            href="http://ik1-319-19699.vs.sakura.ne.jp" target="_blank"
            moz-do-not-send="true">ik1-319-19699.vs.sakura.ne.jp</a>): 1
          time<br>
          <br>
           Illegal users from:<br>
              undef: 3 times<br>
              <a href="http://12.22.203.226" target="_blank"
            moz-do-not-send="true">12.22.203.226</a>: 1 time<br>
              63.142.97.181 (<a
            href="http://63-142-97-63-142-97-181.cpe.sparklight.net"
            target="_blank" moz-do-not-send="true">63-142-97-63-142-97-181.cpe.sparklight.net</a>):
          1 time<br>
              <a href="http://92.246.17.5" target="_blank"
            moz-do-not-send="true">92.246.17.5</a>: 2 times<br>
              97.84.76.88 (<a
            href="http://97-84-76-88.dhcp.snlo.ca.charter.com"
            target="_blank" moz-do-not-send="true">97-84-76-88.dhcp.snlo.ca.charter.com</a>):
          1 time<br>
              <a href="http://115.160.163.195" target="_blank"
            moz-do-not-send="true">115.160.163.195</a>: 2 times<br>
              142.4.208.131 (<a href="http://ns502558.ip-142-4-208.net"
            target="_blank" moz-do-not-send="true">ns502558.ip-142-4-208.net</a>):
          1 time<br>
              153.126.141.19 (<a
            href="http://ik1-306-13265.vs.sakura.ne.jp" target="_blank"
            moz-do-not-send="true">ik1-306-13265.vs.sakura.ne.jp</a>): 1
          time</div>
        <div><br>
        </div>
        <div>These are all ssh login attempts from various IP addresses.</div>
        <div><br>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
kwlug-disc mailing list
<a class="moz-txt-link-abbreviated" href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a>
<a class="moz-txt-link-freetext" href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a>
</pre>
    </blockquote>
  </body>
</html>