
security@csusb.edu Report Template

... to report evidence of compromised computers

From: John Q. Analyst 
Subject: SSH scan from 139.182.x.y
To: security@csusb.edu


139.182.x.y hit almost 18,000 University addresses this morning with
an SSH scan.  You probably were compromised with some sort of worm.
Here is an excerpt from one system's log:

All times in PST (GMT -0800).

Feb 31 08:50:57 research sshd[68209]: Failed password for root from
139.182.x.y port 50111 ssh2
Feb 31 08:51:01 research sshd[68215]: Failed password for root from
139.182.x.y port 50336 ssh2
Feb 31 08:51:05 research sshd[68228]: Failed password for root from
139.182.x.y port 50513 ssh2
Feb 31 08:51:08 research sshd[68235]: Failed password for root from
139.182.x.y port 50721 ssh2
Feb 31 08:51:08 research sshd[68237]: Failed password for root from
139.182.x.y port 50838 ssh2


If you require add'l info, just let me know!
-JA

--
John Q. Analyst
Extra Watchful University
Institutional Security Office
(999)555-1212
