I checked my email inbox this morning, and guess what I found? The firewall (ConfigServer Security and Firewall) on a server I help run blocked a brute-force attack from Nokia:

Time: Tue May 1 02:28:18 2007
IP: 63.97.248.34 (machine34.nokia.com)
Failures: 5 (sshd)
Interval: 135 seconds
Blocked: Yes

Log entries:

May 1 02:28:08 blue sshd[9363]: Failed password for root from ::ffff:63.97.248.34 port 56057 ssh2
May 1 07:28:08 blue sshd[9364]: Failed password for root from ::ffff:63.97.248.34 port 56057 ssh2
May 1 02:28:11 blue sshd[9368]: Failed password for root from ::ffff:63.97.248.34 port 56436 ssh2
May 1 07:28:11 blue sshd[9369]: Failed password for root from ::ffff:63.97.248.34 port 56436 ssh2
May 1 02:28:13 blue sshd[9370]: Failed password for root from ::ffff:63.97.248.34 port 56591 ssh2

Just thought it was funny :P
(oh yeah, and I will report it to them!)
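
The kind of threshold check behind an alert like this one, as an added example that is not part of the original post and not ConfigServer's own code: it counts sshd "Failed password" lines per source address inside a sliding window and treats the IPv4-mapped form (::ffff:a.b.c.d) as the same host as the plain IPv4 address. The threshold of 5 matches the alert's failure count; the 300-second window, the year, the function names and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Matches the sshd line format shown in the alert above.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def normalise(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped if mapped is not None else ip)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=300), year=2007):
    """Return {ip: time of the failure that reached the threshold}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = normalise(m["ip"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = ts
    return blocked

# Constructed sample lines (documentation addresses, not the original log).
SAMPLE = [
    "May  1 02:28:08 blue sshd[101]: Failed password for root from ::ffff:192.0.2.10 port 40001 ssh2",
    "May  1 02:28:11 blue sshd[102]: Failed password for root from 192.0.2.10 port 40002 ssh2",
    "May  1 02:28:13 blue sshd[103]: Failed password for root from ::ffff:192.0.2.10 port 40003 ssh2",
    "May  1 02:28:20 blue sshd[104]: Accepted password for alice from 198.51.100.7 port 50000 ssh2",
    "May  1 02:29:40 blue sshd[105]: Failed password for invalid user admin from ::ffff:192.0.2.10 port 40004 ssh2",
    "May  1 02:30:23 blue sshd[106]: Failed password for root from ::ffff:192.0.2.10 port 40005 ssh2",
    "May  1 02:31:00 blue sshd[107]: Failed password for bob from 198.51.100.7 port 50001 ssh2",
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```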

This entry was posted on 1st May 2007 and is filed under Linux, Internet.

Comments

  1. MikeSel^ said:

    I recently suffered something similar, but mine was from Microsoft servers (tide526.microsoft.com). I have since discovered this was a spoofed referrer. So all may not be what it seems!

    Oh and apologies for posting on such an old blog item :$

  2. Daniel15 said:

    It's not a referer, it's the reverse DNS entry (changing an IP address back to a hostname). Unless Nokia's ISP screwed up the reverse DNS, it's definitely them:

    daniel@daniel-laptop:~$ host  63.97.248.34
    34.248.97.63.in-addr.arpa domain name pointer machine34.nokia.com.

    I'm guessing it's a zombie Windows PC with viruses and stuff on it :P

    "Oh and apologies for posting on such an old blog item"
    No problem... I like people commenting on my blog, no matter how old the blog item is :)