Linux for PlayStation 2 Community - Forums



Discussion Forums: Networking


Message: 49561
BY: cronocloud
DATE: 2006-Apr-30 18:20
SUBJECT: First outside hacking attempt on my PS2.

I was away from home yesterday but had the laptop with me and had a net connection. I had preplanned and set up sshd beforehand. Before I left home, I opened up the necessary port on the router.

The remote connection with X forwarding worked okay, and came in handy.

Back at home, I closed off the port, and checked the logs to see if anyone had tried to hack me.

Apr 29 19:08:35 midgar sshd[27467]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:35 midgar sshd[27467]: Failed password for ROOT from 222.198.150.16 port 60824 ssh2
Apr 29 19:08:35 midgar sshd[27467]: Received disconnect from 222.198.150.16: 11: Bye Bye
Apr 29 19:08:41 midgar sshd[27468]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:41 midgar sshd[27468]: Failed password for ROOT from 222.198.150.16 port 60853 ssh2
Apr 29 19:08:41 midgar sshd[27468]: Received disconnect from 222.198.150.16: 11: Bye Bye
Apr 29 19:08:44 midgar sshd[27469]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:44 midgar sshd[27469]: Failed password for ROOT from 222.198.150.16 port 60909 ssh2
Apr 29 19:08:44 midgar sshd[27469]: Received disconnect from 222.198.150.16: 11: Bye Bye
Apr 29 19:08:46 midgar sshd[27470]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:46 midgar sshd[27470]: Failed password for ROOT from 222.198.150.16 port 60931 ssh2
Apr 29 19:08:46 midgar sshd[27470]: Received disconnect from 222.198.150.16: 11: Bye Bye
Apr 29 19:08:49 midgar sshd[27471]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:49 midgar sshd[27471]: Failed password for ROOT from 222.198.150.16 port 60954 ssh2
Apr 29 19:08:49 midgar sshd[27471]: Received disconnect from 222.198.150.16: 11: Bye Bye
Apr 29 19:08:51 midgar sshd[27472]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:51 midgar sshd[27472]: Failed password for ROOT from 222.198.150.16 port 60979 ssh2
Apr 29 19:08:53 midgar sshd[27472]: Received disconnect from 222.198.150.16: 11: Bye Bye
Apr 29 19:08:55 midgar sshd[27473]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:55 midgar sshd[27473]: Failed password for ROOT from 222.198.150.16 port 32774 ssh2
Apr 29 19:08:55 midgar sshd[27473]: Received disconnect from 222.198.150.16: 11: Bye Bye
Apr 29 19:08:57 midgar sshd[27474]: Could not reverse map address 222.198.150.16.
Apr 29 19:08:57 midgar sshd[27474]: Failed password for ROOT from 222.198.150.16 port 32798 ssh2
Apr 29 19:08:58 midgar sshd[27474]: Received disconnect from 222.198.150.16: 11: Bye Bye

I was surprised at the root login attempts, because root logins via SSH are disabled by default. I also have password authentication turned off, so even if root login was on or they guessed username it still wouldn't work. If I'd have known the IP I was going to have I would have restricted sshd access to that.

Apparently the attacking IP is at a University in China.

inetnum: 222.198.128.0 - 222.198.159.255
netname: CQU-CN
descr: ~{VXGl4sQ'~}
descr: Chongqing University
descr: Chongqing, Chongqing 400044, China
country: CN
remarks: conn-id CD000300
admin-c: KW5-AP
tech-c: LY76-AP
tech-c: CER-AP
remarks: origin AS4538
changed: hostmaster@net.edu.cn 20041105
mnt-by: MAINT-CERNET-AP
status: ASSIGNED NON-PORTABLE
source: APNIC

role: CERNET Helpdesk
address: Room 224, Main Building
address: Tsinghua University
address: Beijing 100084, China
country: CN
phone: +86-10-6278-4049
fax-no: +86-10-6278-5933
e-mail: cernet-helpdesk-ip@net.edu.cn
trouble: abuse@net.edu.cn
admin-c: XL1-CN
tech-c: SZ2-AP
nic-hdl: CER-AP
remarks: Point of Contact for admin-c
mnt-by: MAINT-CERNET-AP
changed: cernet-helpdesk-ip@net.edu.cn 20010903
source: APNIC

person: Kang Wang
address: Network Center
address: Chongqing University
address: Chongqing, Chongqing 400044, China
nic-hdl: KW5-AP
e-mail: wangk@cqu.edu.cn
phone: +86-23-65103121
fax-no: +86-23-65111500
changed: hostmaster@net.edu.cn 20041105
mnt-by: MAINT-CERNET-AP
source: APNIC

person: Ling Yu
address: Network Center
address: Chongqing University
address: Chongqing, Chongqing 400044, China
nic-hdl: LY76-AP
e-mail: yulin@cqu.edu.cn
phone: +86-23-65103121
fax-no: +86-23-65111500
changed: hostmaster@net.edu.cn 20041105
mnt-by: MAINT-CERNET-AP
source: APNIC

I haven't decided whether to e-mail their abuse address about the attempts or not.


 
