Hello
I found the following in the auth.log of my Linux server:
##############
Dec 27 19:30:23 mars sshd[7089]: Illegal user rolo from ::ffff:67.18.223.186
Dec 27 19:30:25 mars sshd[7091]: Illegal user iceuser from ::ffff:67.18.223.186
Dec 27 19:30:25 mars sshd[7091]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:26 mars sshd[7093]: Illegal user horde from ::ffff:67.18.223.186
Dec 27 19:30:26 mars sshd[7093]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:28 mars sshd[7095]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:28 mars sshd[7089]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:29 mars sshd[7097]: Illegal user www from ::ffff:67.18.223.186
Dec 27 19:30:29 mars sshd[7097]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:31 mars sshd[7099]: Illegal user wwwrun from ::ffff:67.18.223.186
Dec 27 19:30:31 mars sshd[7099]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:32 mars sshd[7101]: Illegal user matt from ::ffff:67.18.223.186
Dec 27 19:30:32 mars sshd[7101]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:34 mars sshd[7103]: Illegal user test from ::ffff:67.18.223.186
Dec 27 19:30:34 mars sshd[7103]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:35 mars sshd[7105]: Illegal user test from ::ffff:67.18.223.186
Dec 27 19:30:35 mars sshd[7105]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:37 mars sshd[7107]: Illegal user test from ::ffff:67.18.223.186
Dec 27 19:30:37 mars sshd[7107]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:38 mars sshd[7109]: Illegal user test from ::ffff:67.18.223.186
Dec 27 19:30:38 mars sshd[7109]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:40 mars sshd[7111]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:41 mars sshd[7113]: Illegal user mysql from ::ffff:67.18.223.186
Dec 27 19:30:41 mars sshd[7113]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:43 mars sshd[7115]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:44 mars sshd[7117]: Illegal user adm from ::ffff:67.18.223.186
Dec 27 19:30:44 mars sshd[7117]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:45 mars sshd[7119]: Illegal user apache from ::ffff:67.18.223.186
Dec 27 19:30:47 mars sshd[7121]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:48 mars sshd[7123]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:50 mars sshd[7125]: Illegal user adm from ::ffff:67.18.223.186
Dec 27 19:30:50 mars sshd[7125]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:51 mars sshd[7119]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:51 mars sshd[7127]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:53 mars sshd[7129]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:54 mars sshd[7131]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:56 mars sshd[7133]: Illegal user jane from ::ffff:67.18.223.186
Dec 27 19:30:56 mars sshd[7133]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:57 mars sshd[7135]: Illegal user pamela from ::ffff:67.18.223.186
Dec 27 19:30:57 mars sshd[7135]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:30:59 mars sshd[7137]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:00 mars sshd[7139]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:02 mars sshd[7141]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:03 mars sshd[7143]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:05 mars sshd[7145]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:06 mars sshd[7147]: Illegal user cosmin from ::ffff:67.18.223.186
Dec 27 19:31:32 mars sshd[7183]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:34 mars sshd[7185]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:35 mars sshd[7187]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:37 mars sshd[7189]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:38 mars sshd[7191]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:40 mars sshd[7193]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:41 mars sshd[7195]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:43 mars sshd[7197]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:44 mars sshd[7199]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:46 mars sshd[7201]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:47 mars sshd[7203]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:50 mars sshd[7207]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:52 mars sshd[7209]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:53 mars sshd[7211]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:54 mars sshd[7205]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:55 mars sshd[7213]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:56 mars sshd[7216]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:58 mars sshd[7218]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:31:59 mars sshd[7220]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:00 mars sshd[7222]: Illegal user cip52 from ::ffff:67.18.223.186
Dec 27 19:32:00 mars sshd[7222]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:02 mars sshd[7224]: Illegal user cip51 from ::ffff:67.18.223.186
Dec 27 19:32:02 mars sshd[7224]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:03 mars sshd[7226]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:05 mars sshd[7228]: Illegal user noc from ::ffff:67.18.223.186
Dec 27 19:32:05 mars sshd[7228]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:06 mars sshd[7230]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:08 mars sshd[7232]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:09 mars sshd[7234]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
Dec 27 19:32:11 mars sshd[7237]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!
...
##############
I assume someone is trying to get onto my server via SSH. Does the IP help me any further now? Is theplanet.com necessarily the attacker's ISP, or can he spoof it? (i.e. is there no point in contacting theplanet.com?)
Does anyone know a way to prevent such attempts? E.g. blocking the IP after x failed attempts?
Regards, Mathias
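
An added example, not part of the original post: the counting step behind "block the IP after x failed attempts", run over log lines in the format shown above. The function names, the threshold, the window and the assumed year are illustrative choices; the last two sample lines are constructed and use documentation-range addresses.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Old OpenSSH logs "Illegal user", newer releases "Invalid user". The greedy
# ".*" binds to the LAST " from ", so a username containing " from <ip>"
# cannot redirect the count (and a later block) to a third party.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user .* from (\S+)(?: port \d+)?$"
)

# First four lines are taken from the log above; the last two are constructed.
SAMPLE = [
    "Dec 27 19:30:23 mars sshd[7089]: Illegal user rolo from ::ffff:67.18.223.186",
    "Dec 27 19:30:25 mars sshd[7091]: Illegal user iceuser from ::ffff:67.18.223.186",
    "Dec 27 19:30:25 mars sshd[7091]: reverse mapping checking getaddrinfo for 186.67-18-223.reverse.theplanet.com failed - POSSIBLE BREAKIN ATTEMPT!",
    "Dec 27 19:30:26 mars sshd[7093]: Illegal user horde from ::ffff:67.18.223.186",
    "Dec 27 19:40:00 mars sshd[7300]: Illegal user bob from 192.0.2.10",
    "Dec 27 19:45:00 mars sshd[7301]: Illegal user a from 198.51.100.7 from 192.0.2.10",
]

def normalize(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def offenders(lines, max_failures=3, window=timedelta(seconds=60), year=2004):
    """Map each source IP to the time it reached max_failures within window."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:  # lines are assumed to be in chronological order
        m = FAILED.match(line)
        if not m:
            continue  # e.g. the reverse-mapping warnings, which carry no IP
        # syslog timestamps have no year; `year` is an assumed value
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = normalize(m.group(2))
        except ValueError:
            continue  # not a parseable address, skip the line
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE))
```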