Increased break in attempts

Nico

Over the past few days we've noticed an increase in illegal access attempts from users such as "guest", "admin", "test", and of course "root". All seem to be from 211.169.202.0/24. I'm hearing this from server owners in NOCs throughout the USA and from a few private companies that host their own sites - they have the same usernames trying to break in, but the IP ranges are different.

Anyone else experiencing this?
 

easyhoster1

Looks like Korea:

inetnum: 211.169.202.0 - 211.169.202.63
netname: ETWO48658D-KR
descr: Etwo
descr: 165-14 simkok2-dong wonmi-gu buchun-si
descr: KYONGGI
descr: 420-012
country: KR
admin-c: KL574-AP
tech-c: KL574-AP
mnt-by: MAINT-KR-DACOM
status: ASSIGNED NON-PORTABLE
remarks: imported from KRNIC
changed: [email protected] 20021023
source: APNIC

person: Kangyoung Lee
address: Etwo
address: 165-14 simkok2-dong wonmi-gu buchun-si
address: KYONGGI
address: 420-012
country: KR
phone: +82-18-312-3221
e-mail: [email protected]
nic-hdl: KL574-AP
mnt-by: MAINT-KR-DACOM
remarks: imported from KRNIC
changed: [email protected] 20021022
source: APNIC
 

Kaith Rustaz

I set my hosts.allow and hosts.deny to filter them out.
Right now, my logs are full of nice "connection not allowed" comments. :)
 

andyorourke

I noticed lots from Brazil & Austria

USA
65.182.141.120
iMedia Networks Inc

Korea
211.234.100.105
KRNIC is not a ISP but a National Internet Registry similar to APNIC.
The followings are information of the organization that is using the IPv4 address.

IPv4 Address : 211.234.100.0-211.234.100.255

Once again, nice to see that people are trying to get in. Does it report if people actually get in??
 

icanectc

You can include me in this as well. From a wide range of IPs, although the last attempt was probably a few days ago.
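
An added example, not part of any post in this thread: one way to group failed logins by /24 and to answer the question of whether anyone actually got in, by flagging logins accepted from a network that had repeated failures. It assumes OpenSSH sshd syslog message formats; the sample log lines are constructed, and the names `net24` and `analyse` are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed OpenSSH sshd syslog message shapes (older builds say "illegal user",
# newer ones "invalid user"); adjust the patterns to match your own logs.
FAILED = re.compile(r"Failed password for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted (?:password|publickey) for (\S+) from (\S+)")

# Constructed sample lines using documentation address ranges (RFC 5737).
SAMPLE_LOG = """\
Jul 18 03:12:01 host sshd[2101]: Failed password for illegal user guest from 203.0.113.14 port 4211 ssh2
Jul 18 03:12:04 host sshd[2103]: Failed password for illegal user admin from 203.0.113.14 port 4215 ssh2
Jul 18 03:12:07 host sshd[2105]: Failed password for illegal user test from 203.0.113.77 port 4302 ssh2
Jul 18 03:12:11 host sshd[2107]: Failed password for root from 203.0.113.77 port 4306 ssh2
Jul 18 03:12:15 host sshd[2109]: Accepted password for root from 203.0.113.77 port 4310 ssh2
Jul 18 09:30:42 host sshd[2290]: Accepted publickey for alice from 198.51.100.8 port 51122 ssh2
"""

def net24(ip):
    """Return the /24 network containing an IPv4 address, e.g. '203.0.113.0/24'."""
    return str(ipaddress.ip_network(ip + "/24", strict=False))

def analyse(log_text, threshold=3):
    """Count failures per /24 and flag logins accepted from a noisy /24."""
    failures = defaultdict(int)      # /24 -> failed attempts
    users = defaultdict(set)         # /24 -> usernames tried
    suspicious = []                  # (user, ip) accepted after >= threshold failures
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            net = net24(m.group(2))
            failures[net] += 1
            users[net].add(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m and failures.get(net24(m.group(2)), 0) >= threshold:
            suspicious.append((m.group(1), m.group(2)))
    return dict(failures), {n: sorted(u) for n, u in users.items()}, suspicious

if __name__ == "__main__":
    failures, users, suspicious = analyse(SAMPLE_LOG)
    for net, count in sorted(failures.items(), key=lambda kv: -kv[1]):
        print(f"{net}: {count} failed attempts, users tried: {', '.join(users[net])}")
    for user, ip in suspicious:
        print(f"CHECK: login accepted for {user} from {ip} after repeated failures")
```

An accepted login flagged this way is a lead to investigate, not proof of compromise, since a legitimate user can share a /24 with a scanner.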