Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: SSH Brute Force - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SSH Brute Force

SSH brute force password guessing attacks aren't really anything new. They have been going on for quite some time and whilst early July there was a small dip things seems to be getting back to normal.  One of our readers (thanks Robert) though noticed that the SSH brute forcing is coordinated between a number of IP addresses (118.97.8.28, 125.210.209.152, and 161.200.184.4).  If you have SSH open to the internet (honeypot or real) and you are able to share some log files I'd be interested to take a look at them.  Please upload them using the contact form or send them directly to markh.isc@gmail.com.

Log files will look something like this.

Username        SourceIPAddr    lPort Count TimeStamp
bette           118.97.8.28     22    1     09:51:05 EDT Sat Jul 16 2011
clairette       118.97.8.28     22    1     09:51:29 EDT Sat Jul 16 2011
clamens         118.97.8.28     22    1     09:51:33 EDT Sat Jul 16 2011
clarisse        118.97.8.28     22    1     09:51:37 EDT Sat Jul 16 2011
claude          118.97.8.28     22    1     09:51:41 EDT Sat Jul 16 2011
dumont          118.97.8.28     22    1     09:52:05 EDT Sat Jul 16 2011
duplo           118.97.8.28     22    1     09:52:09 EDT Sat Jul 16 2011
dupont          118.97.8.28     22    1     09:52:12 EDT Sat Jul 16 2011
durand          118.97.8.28     22    1     09:52:16 EDT Sat Jul 16 2011
farceur         118.97.8.28     22    1     09:52:40 EDT Sat Jul 16 2011
farucci         118.97.8.28     22    1     09:52:44 EDT Sat Jul 16 2011
faustine        118.97.8.28     22    1     09:52:48 EDT Sat Jul 16 2011

Mark

 

Mark

391 Posts
ISC Handler
I have seen justthe 1st IP. Not with logs from our SSH servers but only in flows:

Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2011-06-10 06:37:03.422 0.000 TCP 118.97.8.28:32790 -> 192.102.148.4:22 1 60 1
2011-06-10 06:37:03.422 0.000 TCP 118.97.8.28:38599 -> 192.102.148.20:22 1 60 1
2011-06-10 06:37:03.422 0.000 TCP 118.97.8.28:43684 -> 192.102.148.45:22 1 60 1
2011-06-10 06:37:03.422 0.000 TCP 118.97.8.28:46113 -> 192.102.148.63:22 1 60 1
2011-06-10 06:37:03.422 0.000 TCP 118.97.8.28:59180 -> 192.102.148.88:22 1 60 1

Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2011-06-09 08:55:07.830 0.320 TCP 118.97.8.28:35842 -> 192.35.229.1:22 3 164 1
2011-06-09 08:55:07.828 0.000 TCP 118.97.8.28:41802 -> 192.35.229.85:22 1 60 1
2011-06-09 08:55:07.828 0.000 TCP 118.97.8.28:34687 -> 192.35.229.96:22 1 60 1
2011-06-09 08:55:07.828 0.000 TCP 118.97.8.28:41065 -> 192.35.229.83:22 1 60 1
2011-06-09 08:55:07.828 0.000 TCP 118.97.8.28:57839 -> 192.35.229.100:22 1 60 1
2011-06-09 08:55:07.828 0.000 TCP 118.97.8.28:59773 -> 192.35.229.114:22 1 60 1
2011-06-09 08:55:07.828 0.000 TCP 118.97.8.28:43344 -> 192.35.229.120:22 1 60 1
2011-06-09 08:55:07.828 0.000 TCP 118.97.8.28:33159 -> 192.35.229.108:22 1 60 1
2011-06-09 08:55:07.892 0.000 TCP 118.97.8.28:33048 -> 192.35.229.122:22 1 60 1
Jens

42 Posts
I saw this for two hours this morning:

Jul 17 04:13:46 weather sshd[13341]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:13:52 weather sshd[13343]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:13:57 weather sshd[13348]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:03 weather sshd[13393]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:08 weather sshd[13398]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:14 weather sshd[13402]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:19 weather sshd[13427]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:25 weather sshd[13484]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:30 weather sshd[13646]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:36 weather sshd[13682]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:41 weather sshd[13785]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:47 weather sshd[13804]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:53 weather sshd[13835]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:14:58 weather sshd[13840]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:04 weather sshd[14037]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:09 weather sshd[14099]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:14 weather sshd[14239]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:20 weather sshd[14247]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:25 weather sshd[14300]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:31 weather sshd[14474]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:37 weather sshd[14568]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:42 weather sshd[14611]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:48 weather sshd[14640]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:53 weather sshd[14658]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:15:58 weather sshd[14704]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)
Jul 17 04:16:04 weather sshd[14840]: refused connect from ::ffff:220.162.239.168 (::ffff:220.162.239.168)

He was successfully refused. I use tcp wrappers to keep only select domains open.
Gilbert

21 Posts
I'm getting my fair share of SSH brute force attempts, but I have yet to see any of the mentioned IPs.
In the last few days, I'm seeing a huge load (read: several thousand attempts) from 61.7.235.205 (Thai DSL) and 217.196.220.152 (Czech DSL/Colo).
No chance to get in, though, I'm only open to two /24 nets.. unless there's a way around tcpwrappers.
Visi

41 Posts
Some of the few...

Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.83:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.71:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.78:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.92:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.77:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.72:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.81:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.69:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.75:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.103:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.120:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.121:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.90:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.79:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.95:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.109:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.110:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.106:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.98:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.105:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.104:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.117:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.114:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.113:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.126:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.116:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.108:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.70:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.74:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.68:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.80:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.84:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.73:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.88:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.93:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.89:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.97:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.99:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.123:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.122:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.94:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.124:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.115:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.76:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.101:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.82:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.67:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.100:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.91:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.119:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.86:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.125:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.85:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.87:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.107:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.118:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.96:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.111:22 in via en0
Jul 24 09:12:58 - ipfw[147]: 65534 Deny TCP 46.181.84.53:30277 x.x.x.102:22 in via en0

Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.67:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.68:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.69:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.75:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.76:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.74:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.77:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.82:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.84:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.85:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.90:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.91:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.93:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.83:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.98:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.99:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.100:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.101:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.106:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.92:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.107:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.109:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.114:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.115:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.117:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.116:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.122:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.124:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.123:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.125:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.108:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.71:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.72:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.73:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.80:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.70:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.79:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.78:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.86:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.81:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.87:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.89:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.88:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.94:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.95:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.104:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.103:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.102:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.97:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.105:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.96:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.110:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.111:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.113:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.119:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.120:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.118:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.121:22 in via en0
Jul 24 07:30:36 - ipfw[147]: 65534 Deny TCP 108.59.5.19:39205 x.x.x.126:22 in via en0

Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44715 x.x.x.68:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:34854 x.x.x.96:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36196 x.x.x.81:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:38835 x.x.x.99:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:56897 x.x.x.90:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:54818 x.x.x.95:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36086 x.x.x.94:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:43941 x.x.x.86:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:50697 x.x.x.75:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:37023 x.x.x.74:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:43015 x.x.x.88:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42527 x.x.x.73:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:46677 x.x.x.78:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:54399 x.x.x.76:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44581 x.x.x.67:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36259 x.x.x.79:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:51170 x.x.x.82:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36557 x.x.x.93:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55619 x.x.x.98:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:49325 x.x.x.106:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55695 x.x.x.118:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:58316 x.x.x.121:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:60931 x.x.x.111:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:41556 x.x.x.126:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44497 x.x.x.91:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:35615 x.x.x.101:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:60485 x.x.x.109:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44101 x.x.x.83:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:46804 x.x.x.116:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:47960 x.x.x.123:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:60464 x.x.x.71:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:33898 x.x.x.113:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42736 x.x.x.89:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42235 x.x.x.70:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:57228 x.x.x.92:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:57407 x.x.x.108:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42567 x.x.x.69:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:50805 x.x.x.107:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:59526 x.x.x.72:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36778 x.x.x.84:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55792 x.x.x.87:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:54852 x.x.x.122:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:51686 x.x.x.110:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:49150 x.x.x.105:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:33586 x.x.x.102:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:37452 x.x.x.77:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:40966 x.x.x.119:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:57117 x.x.x.104:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42460 x.x.x.85:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:49220 x.x.x.80:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:50493 x.x.x.124:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36757 x.x.x.97:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:53557 x.x.x.100:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:41277 x.x.x.103:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55838 x.x.x.115:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:39693 x.x.x.114:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:46579 x.x.x.125:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:56182 x.x.x.117:22 in via en0
Jul 26 11:58:14 - ipfw[371]: 65534 Deny TCP 109.70.36.193:33143 x.x.x.120:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36196 x.x.x.81:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:50697 x.x.x.75:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:43015 x.x.x.88:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:37023 x.x.x.74:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44715 x.x.x.68:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:34854 x.x.x.96:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:43941 x.x.x.86:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:38835 x.x.x.99:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36086 x.x.x.94:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:54818 x.x.x.95:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:56897 x.x.x.90:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42527 x.x.x.73:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:54399 x.x.x.76:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36259 x.x.x.79:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:46677 x.x.x.78:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:51170 x.x.x.82:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36557 x.x.x.93:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44581 x.x.x.67:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55619 x.x.x.98:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44497 x.x.x.91:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:44101 x.x.x.83:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:60464 x.x.x.71:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:58316 x.x.x.121:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55695 x.x.x.118:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:60931 x.x.x.111:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:41556 x.x.x.126:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42736 x.x.x.89:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:57228 x.x.x.92:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:59526 x.x.x.72:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:46804 x.x.x.116:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:47960 x.x.x.123:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42235 x.x.x.70:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42567 x.x.x.69:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:35615 x.x.x.101:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:49325 x.x.x.106:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:60485 x.x.x.109:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:33898 x.x.x.113:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55792 x.x.x.87:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:42460 x.x.x.85:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36778 x.x.x.84:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:37452 x.x.x.77:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:49220 x.x.x.80:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:36757 x.x.x.97:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:57407 x.x.x.108:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:50805 x.x.x.107:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:49150 x.x.x.105:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:54852 x.x.x.122:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:40966 x.x.x.119:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:50493 x.x.x.124:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:51686 x.x.x.110:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:33586 x.x.x.102:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:57117 x.x.x.104:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:55838 x.x.x.115:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:39693 x.x.x.114:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:46579 x.x.x.125:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:53557 x.x.x.100:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:56182 x.x.x.117:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:41277 x.x.x.103:22 in via en0
Jul 26 11:58:17 - ipfw[371]: 65534 Deny TCP 109.70.36.193:33143 x.x.x.120:22 in via en0

Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.74:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.86:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.87:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.95:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.94:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.123:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.117:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.122:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.107:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.71:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.80:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.99:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.77:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.73:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.78:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.114:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.110:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.101:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.89:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.113:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.105:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.75:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.67:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.91:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.102:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.111:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.81:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.96:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.70:22 in via en0
Jul 26 06:42:57 - ipfw[371]: 65534 Deny TCP 196.201.207.10:64851 x.x.x.119:22 in via en0

Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:48086 x.x.x.90:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:54297 x.x.x.82:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:21597 x.x.x.74:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:44068 x.x.x.93:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:50683 x.x.x.106:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:26060 x.x.x.117:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:59198 x.x.x.101:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:38104 x.x.x.114:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:56553 x.x.x.70:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:60452 x.x.x.113:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:45015 x.x.x.69:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:17464 x.x.x.109:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:49899 x.x.x.98:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:60633 x.x.x.85:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:30469 x.x.x.77:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:12351 x.x.x.125:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:52845 x.x.x.122:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:34273 x.x.x.97:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:39445 x.x.x.102:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:40765 x.x.x.121:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:61036 x.x.x.81:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:52219 x.x.x.78:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:18758 x.x.x.94:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:50395 x.x.x.89:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:38141 x.x.x.73:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:50864 x.x.x.118:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:48942 x.x.x.105:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:43774 x.x.x.126:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:49100 x.x.x.110:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:26126 x.x.x.86:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:30394 x.x.x.107:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:52606 x.x.x.124:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:26766 x.x.x.99:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:16358 x.x.x.115:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:41615 x.x.x.67:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:27825 x.x.x.83:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:42177 x.x.x.68:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:24381 x.x.x.84:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:35854 x.x.x.75:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:57073 x.x.x.92:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:32047 x.x.x.91:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:31455 x.x.x.100:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:12985 x.x.x.123:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:61078 x.x.x.76:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:35014 x.x.x.108:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:38497 x.x.x.116:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:30681 x.x.x.79:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:40193 x.x.x.120:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:51174 x.x.x.80:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:49877 x.x.x.95:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:51010 x.x.x.72:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:13802 x.x.x.104:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:21280 x.x.x.71:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:13522 x.x.x.119:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:60477 x.x.x.111:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:18774 x.x.x.87:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:20277 x.x.x.103:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:62409 x.x.x.96:22 in via en0
Jul 24 03:42:30 - ipfw[147]: 65534 Deny TCP 218.64.215.239:42120 x.x.x.88:22 in via en0
Visi
3 Posts

Sign Up for Free or Log In to start participating in the conversation!