*SHORT* summary of some of the attacks against us for May 2005 Just too many scans and not enough time to keep the list up all the time so... some of the more intresting scans/attacks, or 1 day samples are here year - time EASTERN source_ip[:port] (dns name, if any) attack/scan/notes 2005/05/08-11:52:01 193.124.133.216(cbs3uao16.ru.) try to login to all ips as root repeately vi a ssh. 2005/05/09-00:39:29 65.77.216.62(ns.mixtere.net.) try to login to all ips as root repeately vi a ssh. 2005/05/09-02:14:11 81.137.131.57 (host81-137-131-57.in-addr.btopenworld.com.) try to login to all ips as root repeately vi a ssh. 2005/05/10-05:37:09 205.244.176.16 (Digital Application Systems,Hartford,CT) try to login to all ips as root repeately vi a ssh. 2005/05/10-09:56:23 138.26.25.7 (jstagg.tucc.uab.edu.) try to login to all ips as root repeately vi a ssh. 2005/05/10-13:23:47 205.244.176.16(Digital Application Systems,Hartford,CT) try to login to all ips as root repeately vi a ssh. 2005/05/11-11:33:28 148.223.34.71 (omsa.merco.com.mx.) try to login to all ips as root,etc repeately vi a ssh. 2005/05/14-05:48:44 202.158.162.201 (MinHang Shanghai) try to login to all ips as root,etc repeately vi a ssh. 2005/05/14-07:19:07 80.190.249.210 (ipx10652.ipxserver.de.) ry to login to all ips as root,etc repeately vi a ssh. 2005/05/18-19:20:36 161.139.194.233 (Universiti Teknologi Malaysia) try to login to all ips as root,etc repeately vi a ssh. 2005/05/19-07:06:05 203.193.167.243 (Software Technology Parks of India,IN) try to login to all ips as root,etc repeately vi a ssh. 2005/05/19-19:39:20 161.53.87.20 (Croatian Academic and Research Network, HR) try to login to all ips as root,etc repeately vi a ssh. 2005/05/20-19:42:03 72.29.78.36 (72-29-78-36.dimenoc.com.) Try to login to all ips as root,etc repeately vi a ssh. 2005/05/23-06:39:54 168.143.106.201 (ns1.signontech.com.) try to login to all ips as root,etc repeately vi a ssh. 2005/05/23-18:33:36 143.248.91.231 (queue-ns-2.kaist.ac.kr.) try to login to all ips as root,etc repeately vi a ssh. 2005/05/25-13:27:31 213.219.241.2 (Zet Maximum limited,.ISP.Russia, Moscow) 25600 logins to all ips as root,etc repeately vi a ssh. 2005/05/26-12:57:10 216.135.163.85 (user-vc8f8ql.biz.mindspring.com.) try to login to all ips as root,etc repeately vi a ssh. 2005/05/27-05:15:00 213.219.241.2 (Zet Maximum limited,.ISP.Russia, Moscow) 25600 logins to all ips as root,etc repeately vi a ssh. 2005/05/27-19:06:45 83.133.127.247 (Greatnet New Media.,DE) scan net - ssh dictionary attack 2005/05/28-05:47:20 66.139.75.202 (server1.geopolitics.tv.) scan net - ssh dictionary attack 2005/05/28-13:17:15 59.120.144.142 (ldap.wirelesstonet.com.tw.) scan net - ssh dictionary attack 2005/05/28-17:07:45 211.20.17.141 (CHTD, Chunghwa Telecom Co.,Ltd.,TW) scan net - ssh dictionary attack 2005/05/29-14:12:02 84.234.228.97 (Lyse Tele DHCP,,NO) scan net - ssh dictionary attack 2005/05/29-18:44:10 80.15.159.51 (AStDenis-102-1-1-51.w80-15.abo.wanadoo.fr.) scan net - ssh dictonary attack 2005/05/30-02:21:13 195.210.188.44 (rh21as.moscow.vdiweb.com.) scan net - ssh dictionary attack 2005/05/30-16:16:34 217.9.111.106 (ewt communications GmbH,Nuernberg,DE) scan net - ssh dictionary attack 2005/05/31-17:05:19 158.103.0.194 (proxycgw.morgan.edu.) scan net - ssh dictionary attack 2005/05/31-19:51:33 207.234.129.83 (Affinity Internet, Inc,US) scan net - ssh dictionary attack 2005/05/31-20:46:58 65.38.210.12 (rd.centennialrd.com.) scan net - ssh dictionary attack