"I was hoping that somebody may know of a site where user access scripts may be downloaded, I would like to see how such a script may be written. Any ideas?"
I don't know where to find such a script but such a script would be easy to write. You would start with the commands to log onto the target site. Then you would add the commands to save the replies. Then you would put these commands within a loop which varies the user name and/or password.
I think that the first attack that you posted was made with a script that looped while changing the user names and checked the replies for either invalid user name or invalid password. The replies that indicated invalid password meant that the user name was valid. At least I think that was the intent of the program.
I think that the messages of type:
Apr 15 16:36:06 zeta sshd(pam_unix)[2852]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.219.250.124 user=daemon
show the same script being run again.
I do not understand the messages of type:
Apr 16 09:17:56 zeta kernel: FW: Mangle-PREROUTING IN=eth0 OUT= MAC=00:10:a7:0c:16:e5:00:05:dd:22:fc:3c:08:00 SRC=210.219.250.124 DST=213.114.51.45 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=32770 DPT=61997 WINDOW=5840 RES=0x00 ACK SYN URGP=0
well enough to understand exactly what the script is attempting to do, other than that the script seems to be sending the same command over and over and varying only one parameter each time.
I agree that this guy is a moron. Over time he might find a combination of commands and passwords that match a valid access attempt to your system. But only a moron would assume that you would not notice the millions of authentication failures he has to generate while searching for a way to break in.
The other thing that you could do is to block the block of ISP numbers that the Korean system is using. If this is somebody like a college student then he probably does not have the use of a lot of ISPs and blocking him may end the attack. If this is something like a spammer looking for potential zombies then blocking the Korean system will not slow down the attack very much.
___________________________________
Be prepared. Create a LifeBoat CD.
http://users.rcn.com/srstites/LifeBo...home.page.html
Steve Stites
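
Detection logic for the sshd(pam_unix) failure messages quoted in the post above, as an added example that is not part of the original post: it counts authentication failures per rhost and flags sources that fail against several different accounts. Only the first sample line comes from the post; the other log lines, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the sshd(pam_unix) failure format quoted in the post.
FAILURE_RE = re.compile(
    r"sshd\(pam_unix\)\[\d+\]: authentication failure;"
    r".*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

# First line is from the post; the remaining lines are constructed sample data.
SAMPLE_LOG = """\
Apr 15 16:36:06 zeta sshd(pam_unix)[2852]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.219.250.124 user=daemon
Apr 15 16:36:09 zeta sshd(pam_unix)[2854]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.219.250.124 user=bin
Apr 15 16:36:12 zeta sshd(pam_unix)[2856]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.219.250.124 user=root
Apr 15 16:36:15 zeta sshd(pam_unix)[2858]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.219.250.124
Apr 15 17:02:41 zeta sshd(pam_unix)[2901]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10 user=alice
Apr 15 17:03:00 zeta sshd(pam_unix)[2903]: session opened for user alice by (uid=0)
"""

def summarize_failures(log_text):
    """Return {rhost: {"failures": count, "users": set of user names tried}}."""
    stats = defaultdict(lambda: {"failures": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if not m:
            continue  # not an authentication failure line
        entry = stats[m.group("rhost")]
        entry["failures"] += 1
        if m.group("user"):  # some failure lines carry no user= field
            entry["users"].add(m.group("user"))
    return dict(stats)

def flag_sources(log_text, min_failures=3, min_users=2):
    """Hosts that fail repeatedly against several accounts (the looping pattern)."""
    stats = summarize_failures(log_text)
    return sorted(
        host for host, s in stats.items()
        if s["failures"] >= min_failures and len(s["users"]) >= min_users
    )

if __name__ == "__main__":
    for host in flag_sources(SAMPLE_LOG):
        print("repeated failures across accounts from", host)
```
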