Fri, 11 Dec 2015

Dictionary Attack Suckas

I may start doing this periodically.

Here’s a subset of addresses from which I’ve received dictionary-based SSH attacks over the last month or so.

I’m guessing the majority of these are zombied boxes.

216.212.69.158.in-addr.arpa. 86400 IN   PTR     216.ip-158-69-212.net.
83.66.130.61.in-addr.arpa. 77998 IN     PTR     ppp83-66.hz.zj.cninfo.net.
113.148.83.212.in-addr.arpa. 8402 IN    PTR     212-83-148-113.rev.poneytelecom.eu.
107.196.172.184.in-addr.arpa. 58317 IN  PTR     6b.c4.acb8.ip4.static.sl-reverse.com.
85.145.195.113.in-addr.arpa. 2125 IN    PTR     85.145.195.113.adsl-pool.jx.chinaunicom.com.
153.15.129.212.in-addr.arpa. 28866 IN   PTR     212-129-15-153.rev.poneytelecom.eu.
12.238.182.179.in-addr.arpa. 21237 IN   PTR     179.182.238.12.dynamic.adsl.gvt.net.br.
246.121.5.187.in-addr.arpa. 59686 IN    PTR     187-5-121-246.gnale700.e.brasiltelecom.net.br.
29.79.82.80.in-addr.arpa. 2455  IN      PTR     vina-ip16.idfnv.net.
67.66.96.95.in-addr.arpa. 80155 IN      PTR     095-096-066-067.static.chello.nl.
59.207.69.158.in-addr.arpa. 77911 IN    PTR     59.ip-158-69-207.net.
171.4.215.176.in-addr.arpa. 3600 IN     PTR     dynamicip-176-215-4-171.pppoe.ekat.ertelecom.ru.
75.163.182.94.in-addr.arpa. 3596 IN     PTR     94-182-163-75.shatel.ir.
202.88.162.66.in-addr.arpa. 7677 IN     PTR     mail.plunkett-gibson.com.
83.144.3.195.in-addr.arpa. 843  IN      PTR     gamma.ip-colo.net.
112.21.4.62.in-addr.arpa. 27681 IN      PTR     62-4-21-112.rev.poneytelecom.eu.
23.106.249.88.in-addr.arpa. 21550 IN    PTR     88.249.106.23.dynamic.ttnet.com.tr.
24.86.78.185.in-addr.arpa. 3599 IN      PTR     servers.anadolucs.com.
100.89.174.93.in-addr.arpa. 3600 IN     PTR     mascara.folderfabulous.com.
146.93.174.93.in-addr.arpa. 3600 IN     PTR     hosted-by.ecatel.net.
220.91.54.169.in-addr.arpa. 86399 IN    PTR     dc.5b.36a9.ip4.static.sl-reverse.com.
137.49.244.61.in-addr.arpa. 37801 IN    PTR     061244049137.static.ctinets.com.
87.112.4.117.in-addr.arpa. 58840 IN     PTR     localhost.
52.78.10.5.in-addr.arpa. 86400  IN      PTR     34.4e.0a05.ip4.static.sl-reverse.com.
54.78.10.5.in-addr.arpa. 51259  IN      PTR     36.4e.0a05.ip4.static.sl-reverse.com.
152.2.17.84.in-addr.arpa. 33686 IN      PTR     www.compumir.ru.
152.2.17.84.in-addr.arpa. 33686 IN      PTR     compumir.ru.
243.72.114.202.in-addr.arpa. 60 IN      PTR     cctcc.whu.edu.cn.
10.224.32.207.in-addr.arpa. 86400 IN    PTR     elk1.elkhart.net.
189.133.238.104.in-addr.arpa. 3600 IN   PTR     104.238.133.189.vultr.com.
136.224.52.61.in-addr.arpa. 86400 IN    PTR     hn.kd.dhcp.
64.100.109.86.in-addr.arpa. 86399 IN    PTR     consejo.greenpeace.es.
32.52.187.78.in-addr.arpa. 43200 IN     PTR     78.187.52.32.static.ttnet.com.tr.
142.140.163.89.in-addr.arpa. 22723 IN   PTR     ve649.venus.fastwebserver.de.
49.137.155.177.in-addr.arpa. 86400 IN   PTR     177-155-137-49.gegnet.com.br.
158.132.163.89.in-addr.arpa. 7501 IN    PTR     rs000917.fastrootserver.de.
229.71.10.5.in-addr.arpa. 75621 IN      PTR     e5.47.0a05.ip4.static.sl-reverse.com.
227.71.10.5.in-addr.arpa. 86400 IN      PTR     e3.47.0a05.ip4.static.sl-reverse.com.
139.135.251.60.in-addr.arpa. 42361 IN   PTR     60-251-135-139.hinet-ip.hinet.net.

:: 11:19
:: /administrivia/general | [+]
::Comments (0)

Name:
E-mail:
URL:
Comment:
The Magic Word:
Which planet is closest to the sun? (hint -- it's Mercury...)




“If you don’t want your dog to have bad breath, do what I do: Pour a little
Lavoris in the toilet.”
— Jay Leno