TCP (SYN) 88.218.17.103:41834 -> port 3389, len 44

Oct 11 18:04:17 srv-ubuntu-dev3 sshd[33823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.13  user=root
Oct 11 18:04:19 srv-ubuntu-dev3 sshd[33823]: Failed password for root from 112.85.42.13 port 55842 ssh2
Oct 11 18:04:22 srv-ubuntu-dev3 sshd[33823]: Failed password for root from 112.85.42.13 port 55842 ssh2
Oct 11 18:04:17 srv-ubuntu-dev3 sshd[33823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.13  user=root
Oct 11 18:04:19 srv-ubuntu-dev3 sshd[33823]: Failed password for root from 112.85.42.13 port 55842 ssh2
Oct 11 18:04:22 srv-ubuntu-dev3 sshd[33823]: Failed password for root from 112.85.42.13 port 55842 ssh2
Oct 11 18:04:17 srv-ubuntu-dev3 sshd[33823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.13  user=root
Oct 11 18:04:19 srv-ubuntu-dev3 sshd[33823]: Failed password for root from 112.85.42.13 port 55842 ssh2
Oct 11 18
...

(sshd) Failed SSH login from 120.239.196.94 (CN/China/Guangdong/Guangzhou/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 08:14:39 atlas sshd[19662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.239.196.94  user=root
Oct 11 08:14:41 atlas sshd[19662]: Failed password for root from 120.239.196.94 port 53520 ssh2
Oct 11 08:26:55 atlas sshd[23119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.239.196.94  user=root
Oct 11 08:26:56 atlas sshd[23119]: Failed password for root from 120.239.196.94 port 37896 ssh2
Oct 11 08:29:46 atlas sshd[23705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.239.196.94  user=root

Oct 11 01:50:38 ssh2 sshd[34372]: Invalid user admin from 185.42.170.203 port 42213
Oct 11 01:50:39 ssh2 sshd[34372]: Failed password for invalid user admin from 185.42.170.203 port 42213 ssh2
Oct 11 01:50:39 ssh2 sshd[34372]: Connection closed by invalid user admin 185.42.170.203 port 42213 [preauth]
...

Oct 11 10:21:40 vps46666688 sshd[14942]: Failed password for root from 82.196.14.163 port 36796 ssh2
...

Unauthorized connection attempt from IP address 37.151.32.27 on Port 445(SMB)

Oct 10 20:18:13  kernel: [22528.514245] IN=enp34s0 OUT= MAC=SERVERMAC SRC=59.46.13.137 DST=MYSERVERIP LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58583 PROTO=TCP SPT=41713 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0  Ports: 1433

Unauthorized connection attempt from IP address 103.111.70.12 on Port 445(SMB)

[HOST2] Port Scan detected

Oct 11 18:41:33 ift sshd\[52273\]: Failed password for root from 51.255.47.133 port 43328 ssh2Oct 11 18:45:12 ift sshd\[52997\]: Invalid user leslie from 51.255.47.133Oct 11 18:45:14 ift sshd\[52997\]: Failed password for invalid user leslie from 51.255.47.133 port 49372 ssh2Oct 11 18:48:47 ift sshd\[53538\]: Invalid user katharina from 51.255.47.133Oct 11 18:48:49 ift sshd\[53538\]: Failed password for invalid user katharina from 51.255.47.133 port 55422 ssh2
...

Oct 11 17:23:50 srv-ubuntu-dev3 sshd[28725]: Invalid user holly from 49.234.126.35
Oct 11 17:23:50 srv-ubuntu-dev3 sshd[28725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.126.35
Oct 11 17:23:50 srv-ubuntu-dev3 sshd[28725]: Invalid user holly from 49.234.126.35
Oct 11 17:23:52 srv-ubuntu-dev3 sshd[28725]: Failed password for invalid user holly from 49.234.126.35 port 51068 ssh2
Oct 11 17:26:26 srv-ubuntu-dev3 sshd[29035]: Invalid user yoshizumi from 49.234.126.35
Oct 11 17:26:26 srv-ubuntu-dev3 sshd[29035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.126.35
Oct 11 17:26:26 srv-ubuntu-dev3 sshd[29035]: Invalid user yoshizumi from 49.234.126.35
Oct 11 17:26:28 srv-ubuntu-dev3 sshd[29035]: Failed password for invalid user yoshizumi from 49.234.126.35 port 49978 ssh2
Oct 11 17:29:01 srv-ubuntu-dev3 sshd[29328]: Invalid user duncan from 49.234.126.35
...

Use Brute-Force

Unauthorized connection attempt from IP address 103.81.114.103 on Port 445(SMB)

[2020-10-11 12:04:24] NOTICE[1182] chan_sip.c: Registration from '"9900" ' failed for '45.143.221.41:7384' - Wrong password
[2020-10-11 12:04:24] SECURITY[1204] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-10-11T12:04:24.226-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="9900",SessionID="0x7f22f854d238",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.221.41/7384",Challenge="680a328f",ReceivedChallenge="680a328f",ReceivedHash="1e6e62d2c5d20e0f03dc77bd5f78bb79"
[2020-10-11 12:04:24] NOTICE[1182] chan_sip.c: Registration from '"9900" ' failed for '45.143.221.41:7384' - Wrong password
[2020-10-11 12:04:24] SECURITY[1204] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-10-11T12:04:24.402-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="9900",SessionID="0x7f22f83b6678",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45
...

22 attempts against mh-misbehave-ban on sonic