Unauthorized connection attempt from IP address 111.93.7.2 on Port 445(SMB)

1576592463 - 12/17/2019 15:21:03 Host: 111.93.7.2/111.93.7.2 Port: 445 TCP Blocked

SSH brute force

Sep 30 16:19:32 mail sshd[29287]: Failed password for root from 111.93.71.219 port 47236 ssh2

Fail2Ban Ban Triggered

Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-09-15T21:58:35Z and 2020-09-15T22:07:22Z

2020-09-15T17:00:58.129860dmca.cloudsearch.cf sshd[8816]: Invalid user mobile from 111.93.71.219 port 55370
2020-09-15T17:00:58.136011dmca.cloudsearch.cf sshd[8816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219
2020-09-15T17:00:58.129860dmca.cloudsearch.cf sshd[8816]: Invalid user mobile from 111.93.71.219 port 55370
2020-09-15T17:01:00.290032dmca.cloudsearch.cf sshd[8816]: Failed password for invalid user mobile from 111.93.71.219 port 55370 ssh2
2020-09-15T17:05:28.279875dmca.cloudsearch.cf sshd[8945]: Invalid user ftptest from 111.93.71.219 port 60154
2020-09-15T17:05:28.287509dmca.cloudsearch.cf sshd[8945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219
2020-09-15T17:05:28.279875dmca.cloudsearch.cf sshd[8945]: Invalid user ftptest from 111.93.71.219 port 60154
2020-09-15T17:05:29.839705dmca.cloudsearch.cf sshd[8945]: Failed password for invalid user ftptest from 111.93.71
...

Aug 29 08:38:09 localhost sshd[2820659]: Invalid user ps from 111.93.71.219 port 37164
...

2020-08-27T21:19:01.754911shield sshd\[21874\]: Invalid user deploy from 111.93.71.219 port 60682
2020-08-27T21:19:01.794423shield sshd\[21874\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219
2020-08-27T21:19:03.749817shield sshd\[21874\]: Failed password for invalid user deploy from 111.93.71.219 port 60682 ssh2
2020-08-27T21:22:58.973378shield sshd\[23106\]: Invalid user demo from 111.93.71.219 port 35226
2020-08-27T21:22:59.024381shield sshd\[23106\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219

(sshd) Failed SSH login from 111.93.71.219 (IN/India/static-219.71.93.111-tataidc.co.in): 5 in the last 3600 secs

Aug 13 11:58:26 v22019038103785759 sshd\[18049\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219  user=root
Aug 13 11:58:28 v22019038103785759 sshd\[18049\]: Failed password for root from 111.93.71.219 port 46599 ssh2
Aug 13 12:03:05 v22019038103785759 sshd\[18250\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219  user=root
Aug 13 12:03:08 v22019038103785759 sshd\[18250\]: Failed password for root from 111.93.71.219 port 51116 ssh2
Aug 13 12:07:43 v22019038103785759 sshd\[18428\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219  user=root
...

$f2bV_matches

Jul 28 08:31:59 ns381471 sshd[21340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219
Jul 28 08:32:01 ns381471 sshd[21340]: Failed password for invalid user wilmor from 111.93.71.219 port 52409 ssh2

2020-07-26T04:47:14.457128shield sshd\[2475\]: Invalid user cqt from 111.93.71.219 port 59266
2020-07-26T04:47:14.467620shield sshd\[2475\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219
2020-07-26T04:47:16.249305shield sshd\[2475\]: Failed password for invalid user cqt from 111.93.71.219 port 59266 ssh2
2020-07-26T04:49:27.365083shield sshd\[2835\]: Invalid user maquina from 111.93.71.219 port 45710
2020-07-26T04:49:27.376375shield sshd\[2835\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219

Jul 24 04:25:20 master sshd[2547]: Failed password for invalid user codi from 111.93.71.219 port 45519 ssh2
Jul 24 04:37:34 master sshd[2973]: Failed password for invalid user ftp from 111.93.71.219 port 40135 ssh2
Jul 24 04:42:14 master sshd[3059]: Failed password for invalid user zhg from 111.93.71.219 port 47482 ssh2
Jul 24 04:46:54 master sshd[3108]: Failed password for invalid user long from 111.93.71.219 port 54830 ssh2
Jul 24 04:51:38 master sshd[3153]: Failed password for invalid user admin from 111.93.71.219 port 33944 ssh2
Jul 24 04:56:33 master sshd[3165]: Failed password for invalid user admin from 111.93.71.219 port 41289 ssh2
Jul 24 05:01:30 master sshd[3595]: Failed password for git from 111.93.71.219 port 48639 ssh2
Jul 24 05:06:18 master sshd[3625]: Failed password for invalid user hsi from 111.93.71.219 port 55987 ssh2
Jul 24 05:11:01 master sshd[3726]: Failed password for invalid user ftpuser from 111.93.71.219 port 35102 ssh2

Jul 21 06:59:43 fhem-rasp sshd[13024]: Invalid user ci from 111.93.71.219 port 38969
...

2020-07-16T08:03:32.373554sd-86998 sshd[35194]: Invalid user zou from 111.93.71.219 port 51915
2020-07-16T08:03:32.381872sd-86998 sshd[35194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.71.219
2020-07-16T08:03:32.373554sd-86998 sshd[35194]: Invalid user zou from 111.93.71.219 port 51915
2020-07-16T08:03:34.825690sd-86998 sshd[35194]: Failed password for invalid user zou from 111.93.71.219 port 51915 ssh2
2020-07-16T08:08:33.100489sd-86998 sshd[35844]: Invalid user kate from 111.93.71.219 port 59359
...

2020-07-27T12:32:22.039986abusebot-4.cloudsearch.cf sshd[31037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.41  user=root
2020-07-27T12:32:24.319408abusebot-4.cloudsearch.cf sshd[31037]: Failed password for root from 222.186.180.41 port 56928 ssh2
2020-07-27T12:32:27.285937abusebot-4.cloudsearch.cf sshd[31037]: Failed password for root from 222.186.180.41 port 56928 ssh2
2020-07-27T12:32:22.039986abusebot-4.cloudsearch.cf sshd[31037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.41  user=root
2020-07-27T12:32:24.319408abusebot-4.cloudsearch.cf sshd[31037]: Failed password for root from 222.186.180.41 port 56928 ssh2
2020-07-27T12:32:27.285937abusebot-4.cloudsearch.cf sshd[31037]: Failed password for root from 222.186.180.41 port 56928 ssh2
2020-07-27T12:32:22.039986abusebot-4.cloudsearch.cf sshd[31037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ss
...

Jul 27 08:40:35 NPSTNNYC01T sshd[29516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.79.176
Jul 27 08:40:37 NPSTNNYC01T sshd[29516]: Failed password for invalid user vss from 217.182.79.176 port 47426 ssh2
Jul 27 08:44:42 NPSTNNYC01T sshd[29892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.79.176
...

 TCP (SYN) 95.252.216.156:59242 -> port 23, len 44

Port probing on unauthorized port 2323

2020-07-27T15:48:10.971971lavrinenko.info sshd[30187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.137  user=root
2020-07-27T15:48:12.729268lavrinenko.info sshd[30187]: Failed password for root from 222.186.42.137 port 61647 ssh2
2020-07-27T15:48:10.971971lavrinenko.info sshd[30187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.137  user=root
2020-07-27T15:48:12.729268lavrinenko.info sshd[30187]: Failed password for root from 222.186.42.137 port 61647 ssh2
2020-07-27T15:48:15.724569lavrinenko.info sshd[30187]: Failed password for root from 222.186.42.137 port 61647 ssh2
...

2020-07-27T13:53:25.469907vps773228.ovh.net sshd[20579]: Invalid user duo from 117.103.2.114 port 34134
2020-07-27T13:53:25.486236vps773228.ovh.net sshd[20579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.103.2.114
2020-07-27T13:53:25.469907vps773228.ovh.net sshd[20579]: Invalid user duo from 117.103.2.114 port 34134
2020-07-27T13:53:27.605038vps773228.ovh.net sshd[20579]: Failed password for invalid user duo from 117.103.2.114 port 34134 ssh2
2020-07-27T13:57:03.571605vps773228.ovh.net sshd[20609]: Invalid user admin from 117.103.2.114 port 59754
...

Jul 27 14:25:26 debian-2gb-nbg1-2 kernel: \[18111231.465162\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=87.251.74.223 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=29126 PROTO=TCP SPT=43518 DPT=39219 WINDOW=1024 RES=0x00 SYN URGP=0

"fail2ban match"

MultiHost/MultiPort Probe, Scan, Hack -

Jul 27 14:34:08 debian-2gb-nbg1-2 kernel: \[18111754.191856\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.145.66.64 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=59470 PROTO=TCP SPT=53672 DPT=10006 WINDOW=1024 RES=0x00 SYN URGP=0

Jul 27 05:19:06 dignus sshd[8530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.126.83.37
Jul 27 05:19:09 dignus sshd[8530]: Failed password for invalid user mysql from 181.126.83.37 port 37796 ssh2
Jul 27 05:22:46 dignus sshd[8946]: Invalid user autologin from 181.126.83.37 port 55794
Jul 27 05:22:46 dignus sshd[8946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.126.83.37
Jul 27 05:22:48 dignus sshd[8946]: Failed password for invalid user autologin from 181.126.83.37 port 55794 ssh2
...

1595851050 - 07/27/2020 13:57:30 Host: 177.23.191.76/177.23.191.76 Port: 445 TCP Blocked

2020-07-27T13:56:03.164755+02:00  sshd[14428]: Failed password for invalid user diana from 218.29.54.87 port 35931 ssh2

[2020-07-27 08:58:10] NOTICE[1248] chan_sip.c: Registration from '' failed for '145.239.2.29:54384' - Wrong password
[2020-07-27 08:58:10] SECURITY[1275] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-07-27T08:58:10.983-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="3735",SessionID="0x7f27200510e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/145.239.2.29/54384",Challenge="0617269c",ReceivedChallenge="0617269c",ReceivedHash="d44e7e37d4db4c6d421e0b72bd9ad369"
[2020-07-27 08:58:21] NOTICE[1248] chan_sip.c: Registration from '' failed for '145.239.2.29:56753' - Wrong password
...

(sshd) Failed SSH login from 51.178.138.1 (FR/France/vps-fa71e64b.vps.ovh.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jul 27 13:40:43 grace sshd[14934]: Invalid user mass from 51.178.138.1 port 34764
Jul 27 13:40:46 grace sshd[14934]: Failed password for invalid user mass from 51.178.138.1 port 34764 ssh2
Jul 27 13:51:50 grace sshd[16232]: Invalid user gpadmin from 51.178.138.1 port 44144
Jul 27 13:51:52 grace sshd[16232]: Failed password for invalid user gpadmin from 51.178.138.1 port 44144 ssh2
Jul 27 13:57:05 grace sshd[16887]: Invalid user avr from 51.178.138.1 port 58560