OK, picking out hacking attempts from logfiles is getting tired, so I promise, just one more. Apparently, at other IST schools, attempting to log on to other peoples' servers is what they teach. I see the entries regularly in my emails from Logwatch. What makes this one different is that it comes from an IST school like mine.
This brings up the (tired old) subject of University networks. They need to remain open and useful to students and professors, but they need to be protected from abuse and being used to abuse others. Preventing attacks like these from a campus would be hard. You could block port 22 outbound, but that would cut off a lot of legitimate activity. You could have all students sign an acceptable use policy, which might help you enforce rules against someone when you catch them. You could monitor network traffic for patterns like these, but that would involve monitoring a lot of network traffic at great expense. Universities charge enough without having to purchase a lot of monitoring equipment and software and hiring staff to watch its students, but this is what the Federal government wants them to do. Given how many attacks originate at Universities, it's easy to understand why. The Morris worm nearly took down the Internet from a University almost twenty years ago.
The more things change...
Logwatch entries:
sshd:
Authentication Failures:
unknown (ist.pct.edu): 101 Time(s)
apache (ist.pct.edu): 1 Time(s)
bin (ist.pct.edu): 1 Time(s)
mail (ist.pct.edu): 1 Time(s)
mysql (ist.pct.edu): 1 Time(s)
nobody (ist.pct.edu): 1 Time(s)
root (ist.pct.edu): 1 Time(s)
xfs (ist.pct.edu): 1 Time(s)
Invalid Users:
Unknown Account: 101 Time(s)
Failed logins from these:
admin/password from ::ffff:72.20.218.49: 1 Time(s)
adsl/password from ::ffff:72.20.218.49: 1 Time(s)
akon/password from ::ffff:72.20.218.49: 1 Time(s)
chun/password from ::ffff:72.20.218.49: 1 Time(s)
cisco/password from ::ffff:72.20.218.49: 1 Time(s)
cyd/password from ::ffff:72.20.218.49: 1 Time(s)
deamon/password from ::ffff:72.20.218.49: 1 Time(s)
dsl/password from ::ffff:72.20.218.49: 1 Time(s)
favorites/password from ::ffff:72.20.218.49: 1 Time(s)
fuji/password from ::ffff:72.20.218.49: 1 Time(s)
fujiwara/password from ::ffff:72.20.218.49: 1 Time(s)
fukumoto/password from ::ffff:72.20.218.49: 1 Time(s)
genki/password from ::ffff:72.20.218.49: 1 Time(s)
granlumie/password from ::ffff:72.20.218.49: 1 Time(s)
guest/password from ::ffff:72.20.218.49: 1 Time(s)
hagiwara/password from ::ffff:72.20.218.49: 1 Time(s)
hakko/password from ::ffff:72.20.218.49: 1 Time(s)
hayashi/password from ::ffff:72.20.218.49: 2 Time(s)
hayashy/password from ::ffff:72.20.218.49: 1 Time(s)
hiramara/password from ::ffff:72.20.218.49: 1 Time(s)
hiramaru/password from ::ffff:72.20.218.49: 1 Time(s)
hiroshi/password from ::ffff:72.20.218.49: 1 Time(s)
history/password from ::ffff:72.20.218.49: 1 Time(s)
hokko/password from ::ffff:72.20.218.49: 1 Time(s)
hokoyama/password from ::ffff:72.20.218.49: 1 Time(s)
horikoshi/password from ::ffff:72.20.218.49: 1 Time(s)
hotline/password from ::ffff:72.20.218.49: 1 Time(s)
hotmail/password from ::ffff:72.20.218.49: 1 Time(s)
ikanri/password from ::ffff:72.20.218.49: 1 Time(s)
info/password from ::ffff:72.20.218.49: 1 Time(s)
install/password from ::ffff:72.20.218.49: 1 Time(s)
internet/password from ::ffff:72.20.218.49: 1 Time(s)
invite/password from ::ffff:72.20.218.49: 1 Time(s)
iocha/password from ::ffff:72.20.218.49: 1 Time(s)
ishihara/password from ::ffff:72.20.218.49: 1 Time(s)
ito/password from ::ffff:72.20.218.49: 1 Time(s)
kajipar/password from ::ffff:72.20.218.49: 1 Time(s)
kakou/password from ::ffff:72.20.218.49: 1 Time(s)
kamata/password from ::ffff:72.20.218.49: 1 Time(s)
kamato/password from ::ffff:72.20.218.49: 1 Time(s)
kato/password from ::ffff:72.20.218.49: 1 Time(s)
kawakami/password from ::ffff:72.20.218.49: 1 Time(s)
kay/password from ::ffff:72.20.218.49: 1 Time(s)
ken/password from ::ffff:72.20.218.49: 1 Time(s)
kenkou/password from ::ffff:72.20.218.49: 1 Time(s)
kento/password from ::ffff:72.20.218.49: 1 Time(s)
kobe/password from ::ffff:72.20.218.49: 1 Time(s)
kohi/password from ::ffff:72.20.218.49: 1 Time(s)
kohitujikai/password from ::ffff:72.20.218.49: 1 Time(s)
kumemura/password from ::ffff:72.20.218.49: 1 Time(s)
lestat/password from ::ffff:72.20.218.49: 1 Time(s)
mac/password from ::ffff:72.20.218.49: 1 Time(s)
masumura/password from ::ffff:72.20.218.49: 1 Time(s)
matsuo/password from ::ffff:72.20.218.49: 1 Time(s)
mikata/password from ::ffff:72.20.218.49: 1 Time(s)
miura/password from ::ffff:72.20.218.49: 1 Time(s)
motoka/password from ::ffff:72.20.218.49: 1 Time(s)
motooka/password from ::ffff:72.20.218.49: 1 Time(s)
nakamoto/password from ::ffff:72.20.218.49: 1 Time(s)
nakamura/password from ::ffff:72.20.218.49: 1 Time(s)
nakayama/password from ::ffff:72.20.218.49: 1 Time(s)
new/password from ::ffff:72.20.218.49: 1 Time(s)
nuke/password from ::ffff:72.20.218.49: 1 Time(s)
otashiro/password from ::ffff:72.20.218.49: 1 Time(s)
play/password from ::ffff:72.20.218.49: 1 Time(s)
playboy/password from ::ffff:72.20.218.49: 1 Time(s)
proba/password from ::ffff:72.20.218.49: 1 Time(s)
prova/password from ::ffff:72.20.218.49: 1 Time(s)
prueba/password from ::ffff:72.20.218.49: 1 Time(s)
register/password from ::ffff:72.20.218.49: 1 Time(s)
robert/password from ::ffff:72.20.218.49: 1 Time(s)
roberto/password from ::ffff:72.20.218.49: 1 Time(s)
ryu/password from ::ffff:72.20.218.49: 1 Time(s)
saito/password from ::ffff:72.20.218.49: 1 Time(s)
sales/password from ::ffff:72.20.218.49: 2 Time(s)
search/password from ::ffff:72.20.218.49: 1 Time(s)
sesso/password from ::ffff:72.20.218.49: 1 Time(s)
sex/password from ::ffff:72.20.218.49: 1 Time(s)
shimada/password from ::ffff:72.20.218.49: 1 Time(s)
shiraki/password from ::ffff:72.20.218.49: 1 Time(s)
shiraky/password from ::ffff:72.20.218.49: 1 Time(s)
takato/password from ::ffff:72.20.218.49: 1 Time(s)
teraji/password from ::ffff:72.20.218.49: 1 Time(s)
test/password from ::ffff:72.20.218.49: 4 Time(s)
toi/password from ::ffff:72.20.218.49: 1 Time(s)
toy/password from ::ffff:72.20.218.49: 1 Time(s)
transfer/password from ::ffff:72.20.218.49: 1 Time(s)
trust/password from ::ffff:72.20.218.49: 1 Time(s)
try/password from ::ffff:72.20.218.49: 1 Time(s)
tujikai/password from ::ffff:72.20.218.49: 1 Time(s)
wap/password from ::ffff:72.20.218.49: 1 Time(s)
wara/password from ::ffff:72.20.218.49: 1 Time(s)
web/password from ::ffff:72.20.218.49: 1 Time(s)
www/password from ::ffff:72.20.218.49: 1 Time(s)
yamanaka/password from ::ffff:72.20.218.49: 1 Time(s)
yokoya/password from ::ffff:72.20.218.49: 1 Time(s)
No comments:
Post a Comment