Security Email Report Template | Information Technology Services

Email should be sent to security@csusb.edu

From: John Q. Analyst 
Subject: SSH scan from 139.182.x.y
To: security@csusb.edu

139.182.x.y hit almost 18,000 University addresses this morning with
an SSH scan.  You probably were compromised with some sort of worm.
Here is an excerpt from one systems log:

All times in PST (GMT -0800).

Feb 31 08:50:57 research sshd[68209]: Failed password for root from
139.182.x.y port 50111 ssh1
Feb 31 08:51:01 research sshd[68215]: Failed password for root from
139.182.x.y port 50336 ssh1
Feb 31 08:51:05 research sshd[68228]: Failed password for root from
139.182.x.y port 50513 ssh1
Feb 31 08:51:08 research sshd[68235]: Failed password for root from
139.182.x.y port 50721 ssh1
Feb 31 08:51:08 research sshd[68237]: Failed password for root from
139.182.x.y port 50838 ssh1

If you require add'l info, just let me know!
-JA

--
John Q. Analyst
Extra Watchful University
Institutional Security Office
(999)555-1212

Information Technology Services

support@csusb.edu

(909) 537-7677

PL-1109

Technology Support Available 24/7/365

Technology Support Center Walk-In Hours
Monday - Thursday 7:00 am - 8:00 pm
Friday and Saturday 8:00 am - 5:00 pm
Closed on Sunday

Student Resources for Virtual Learning
Staff Resources for Telecommuting