question

[Jean-Louis Noel]

Hi All,

C'est réel ou c'est un "spoofing"?

==========
Sep 15 20:05:25 ns sshd[12586]: pam_unix(sshd:auth): authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=193.104.68.210 user=root
Sep 15 20:05:25 ns sshd[12586]: pam_succeed_if(sshd:auth): requirement "uid
>= 1000" not met by user "root"
Sep 15 20:05:27 ns sshd[12586]: Failed password for root from 193.104.68.210
port 47289 ssh2
Sep 15 20:05:27 ns sshd[12586]: Received disconnect from 193.104.68.210: 11:
Bye Bye [preauth]

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '193.104.68.0 - 193.104.68.255'

inetnum: 193.104.68.0 - 193.104.68.255
netname: KGBHOSTING
descr: KGB Hosting d.o.o.,
remarks: Kikinda, Serbia
country: RS
org: ORG-KHd1-RIPE
admin-c: VZ525-RIPE
tech-c: VZ525-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: ORIONTELEKOM-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: ORIONTELEKOM-MNT
mnt-domains: ORIONTELEKOM-MNT
source: RIPE # Filtered

organisation: ORG-KHd1-RIPE
org-name: KGB Hosting d.o.o.
org-type: OTHER
address: Milana Sivceva 36, Kikinda, Serbia
abuse-mailbox: ab...@evovps.com
mnt-ref: ORIONTELEKOM-MNT
mnt-by: ORIONTELEKOM-MNT
source: RIPE # Filtered

person: Vladimir Zolnjan
address: Orion Telekom NOC
address: Gandijeva 76a
address: Belgrade, Serbia
phone: +381 11 2228 388
nic-hdl: VZ525-RIPE
mnt-by: ORIONTELEKOM-MNT
source: RIPE # Filtered

% Information related to '193.104.68.0/24AS9125'

route: 193.104.68.0/24
descr: KGBHOSTING pool
origin: AS9125
mnt-by: ORIONTELEKOM-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.68.1
(WHOIS2)
==========

[Richard]

> Hi All,
>
> C'est rï¿œel ou c'est un "spoofing"?

Encore un coup de la NSA ;-)