Looks like normal "compromised host scans the entire internet" behaviour to
me.
From: users-bounces+spb=attenuate.org(a)lists.bitfolk.com
[mailto:users-bounces+spb=attenuate.org@lists.bitfolk.com] On Behalf Of Max
B
Sent: 10 November 2013 21:47
To: users(a)lists.bitfolk.com
Subject: Re: [bitfolk] default behaviour of Debian /etc/login.defs does not
log to /var/log/sulog
:)
dunno, Alex.
1443 attempts over a 5 day period, including:
264 attempts at 'postgres'
574 attempts at 'oracle'
585 at 'nagios'
15 at 'tesztuser'
from 37.187.75.221
aka
duhless.net
http://vk.com/duhlessnet
http://wa-com.com/duhless.net
A registry in Russia, anonymized by an Australian outfit
Who buy service from
ovh.net in France.
Stalked, or repeatedly scanned by a compromised box?
It looks intentional, not compromised, to me.
Le Dimanche 10 novembre 2013 22h18, Alex Smith <alex(a)alexsmith.org> a écrit
:
On Sun, Nov 10, 2013 at 7:21 PM, Max B <txtmb(a)yahoo.fr> wrote:
Recently, I have been stalked by a user at
ovh.net . They seem to be
well-financed and persistent.
Stalked, or repeatedly scanned by a compromised box?
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users