
Distributed is brute force

Two weeks ago I observed a distributed brute-force attack trying to guess passwords for root and mysql. Today the attacks started again, at about 2007-11-06 12:30 UTC. Interestingly, a good number of the connections are coming from IP addresses which I had recorded two weeks before ;-) Within the last 12 hours, connections came from 220 unique IP addresses, of which I had already recorded 130 two weeks ago.
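One way to measure the overlap between two attack waves as described above, given here as an added example that is not part of the original post. It assumes the attempts were logged by OpenSSH in its usual "Failed password" syslog format (the post does not name the service); the log lines, the earlier-wave list and all addresses are constructed, using documentation address ranges.

```python
import re
from collections import defaultdict

# Assumption: OpenSSH sshd "Failed password" syslog lines.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def sources_by_user(lines, users=("root", "mysql")):
    """Map each targeted account to the set of source IPs that failed against it."""
    hits = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m and m.group("user") in users:
            hits[m.group("user")].add(m.group("ip"))
    return dict(hits)

def compare_waves(previous_ips, current_lines, users=("root", "mysql")):
    """Return (unique sources in the current wave, sources already recorded earlier)."""
    per_user = sources_by_user(current_lines, users)
    current = set().union(*per_user.values())
    return current, current & set(previous_ips)

# Constructed sample data (RFC 5737 documentation addresses, hypothetical host/users).
SAMPLE_LOG = """\
Nov  6 12:30:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Nov  6 12:30:04 host sshd[4102]: Failed password for root from 198.51.100.7 port 51844 ssh2
Nov  6 12:30:09 host sshd[4103]: Failed password for invalid user mysql from 203.0.113.55 port 38020 ssh2
Nov  6 12:30:15 host sshd[4104]: Failed password for mysql from 192.0.2.10 port 40190 ssh2
Nov  6 12:30:20 host sshd[4105]: Failed password for invalid user test from 203.0.113.99 port 45000 ssh2
Nov  6 12:31:02 host sshd[4106]: Accepted password for alice from 198.51.100.200 port 50022 ssh2
""".splitlines()

# Constructed stand-in for the address list recorded during the earlier wave.
PREVIOUS_WAVE = {"192.0.2.10", "203.0.113.55", "203.0.113.77"}

if __name__ == "__main__":
    current, recurring = compare_waves(PREVIOUS_WAVE, SAMPLE_LOG)
    print(f"{len(current)} unique sources, {len(recurring)} already recorded")
    for ip in sorted(recurring):
        print("recurring:", ip)
```

Sources that fail against other accounts, and successful logins, are deliberately left out of the comparison so the counts reflect only the root/mysql guessing.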

I am offering the full list of IP addresses of the distributed brute-force attack (as of 2007-11-06 23:47 UTC, about 450 addresses) for download. For what it's worth, I am listing here the addresses which have hostnames. These hosts are likely cracked.

List of hostnames as of 2007-11-06 22:58 UTC

blog/071106_distributed_is_brute_force.txt · Last modified: 2007-11-07 00:48 by andreas