[Wien] ssh bruteforce attempt from public.metalab.wien.funkfeuer.at

Clemens Hopfer (spam-protected)
Mon Apr 23 13:10:17 CEST 2018


Hi Gui,

thanks for the report, I'll look into it.

public.metalab is actually the backup-router, traffic from the metalab-LAN is 
actually NATted over v642 behind 185.194.20.42, do you see any logs for this?

Currently I don't see any traffic on port 22 originating from public.metalab.

BR,
Clemens

On Monday, 23 April 2018 11:14:45 CEST Gui Iribarren wrote:
> yesterday while debugging the RST thing, i also spotted a flood of these
> in the log. circa 17 attempts per minute, lasted for at least a couple of
> hours. here two example lines only:
> Sun Apr 22 18:42:33 2018 authpriv.warn dropbear[29515]: Bad password
> attempt for 'root' from 78.41.112.151:44084
> Sun Apr 22 19:02:29 2018 authpriv.warn dropbear[30205]: Login attempt
> for nonexistent user from 78.41.112.151:47361
> 
> i'm pretty used to seeing that kind of bruteforce attempts "from the
> wild" out in the internet, but in this particular case,
> that ip resolves to public.metalab.wien.funkfeuer.at
> 
> possibly just someone experimenting at the metalab (seems to have
> stopped today). but reporting just in case.
> 
> --
> Wien mailing list
> (spam-protected)
> https://lists.funkfeuer.at/mailman/listinfo/wien
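
Added example, not part of the original messages: a small detector for the kind of dropbear failure lines quoted in the report, counting failed logins per source address in a sliding one-minute window. The function names, the threshold of 10 per minute and the 192.0.2.x sample lines are assumptions constructed for illustration; only the log line format is taken from the thread.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the two dropbear failure messages quoted above (OpenWrt logread format).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \S+ dropbear\[\d+\]: "
    r"(?:Bad password attempt for '[^']*'|Login attempt for nonexistent user)"
    r" from (?P<ip>[0-9a-fA-F.:]+):\d+$"
)
TS_FMT = "%a %b %d %H:%M:%S %Y"

def parse(line):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.strptime(m["ts"], TS_FMT), m["ip"]

def detect(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: (peak, first_seen, last_seen, total)} for every source whose
    failures inside one sliding window reach the threshold (assumed default: 10)."""
    recent, stats = defaultdict(deque), {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, ip = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # drop failures older than the window
            q.popleft()
        peak, first, _, total = stats.get(ip, (0, ts, ts, 0))
        stats[ip] = (max(peak, len(q)), first, ts, total + 1)
    return {ip: s for ip, s in stats.items() if s[0] >= threshold}

def sample_log():
    """Constructed sample: 192.0.2.10 fails every 4 s for two minutes,
    192.0.2.99 mistypes a password once (documentation addresses, RFC 5737)."""
    t0 = datetime(2018, 4, 22, 18, 42, 33)
    msgs = ("Login attempt for nonexistent user", "Bad password attempt for 'root'")
    out = [
        f"{(t0 + timedelta(seconds=4 * i)).strftime(TS_FMT)} authpriv.warn "
        f"dropbear[{29515 + i}]: {msgs[i % 2]} from 192.0.2.10:{44084 + i}"
        for i in range(30)
    ]
    out.append("Sun Apr 22 18:45:01 2018 authpriv.info dropbear[29600]: Child connection from 192.0.2.99:50122")
    out.append("Sun Apr 22 18:45:09 2018 authpriv.warn dropbear[29600]: Bad password attempt for 'admin' from 192.0.2.99:50122")
    return out

if __name__ == "__main__":
    for ip, (peak, first, last, total) in detect(sample_log()).items():
        print(f"{ip}: {total} failures, peak {peak}/min, {first} to {last}")
```

Because the count is kept per source address, a single mistyped password stays below the threshold while a sustained run from one address is reported with its first and last timestamps, which is what is needed to match it against NAT or router logs.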
