Dear MyCERT,

I am a network security engineer from XXCorporation and I am writing to inform you that we have noticed hack attempts to access machine(s) on our network that seem to have originated from a machine with the IP address xx.xx.183. On May-11-2005 this machine attempted to run some sort of password guessing program on a machine (xx.xx.com) on our network. We are reporting to you regarding this activity from the particular source IP address and request your assistance in tracking down the nature of this activity on our network. We deem any periodic failed connections such as these as a possible threat to the security of our networks. Attached is a portion of the logs indicating the activities.

Thank you for your time and assistance.

--------LOG-------
Sample log records (all times displayed with 24 hour clock, GMT+8):

May 11 07:51:29 sshd[9200]: Did not receive identification string from xx.xx.xx.2
May 11 08:01:23 sshd[9396]: Illegal user test from xx.xx.xx.2
May 11 08:01:26 sshd[9398]: Illegal user guest from xx.xx.xx.2
May 11 08:01:29 sshd[9400]: Illegal user admin from xx.xx.xx.2
May 11 08:01:32 sshd[9402]: Illegal user admin from xx.xx.xx.2
May 11 08:01:36 sshd[9404]: Illegal user user from xx.xx.xx.2
May 11 08:01:41 sshd[9408]: Failed password for root from xx.xx.xx.2 port 37249 ssh2
May 11 08:01:44 sshd[9410]: Failed password for root from xx.xx.xx.2 port 37361 ssh2
May 11 08:01:47 sshd[9412]: Failed password for root from xx.xx.xx.2 port 37429 ssh2
May 11 08:01:51 sshd[9415]: Illegal user test from xx.xx.xx.2
-------------------------
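The log excerpt above is the kind of evidence an incident reporter attaches: a run of "Illegal user" and "Failed password" records from one source inside a short window. The following script is an added example, not part of the report or of MyCERT's material; it parses those sshd records, groups authentication failures by source, and flags a source whose failures exceed a threshold inside a sliding time window, which is the check a reporter or recipient would run before calling the activity password guessing. It assumes the syslog year is 2005 (syslog lines carry no year; the report gives the date), matches the source as the token after "from" so the report's masked address xx.xx.xx.2 parses unchanged, and uses a constructed copy of the excerpt as its input. The threshold and window values are illustrative choices, not values from the report.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Optional

# Constructed sample input: the sshd excerpt from the report above, one record per line.
# The source is kept exactly as the report masks it (xx.xx.xx.2), so the parser matches
# "from <token>" rather than a strict IPv4 pattern.
SAMPLE_LOG = """\
May 11 07:51:29 sshd[9200]: Did not receive identification string from xx.xx.xx.2
May 11 08:01:23 sshd[9396]: Illegal user test from xx.xx.xx.2
May 11 08:01:26 sshd[9398]: Illegal user guest from xx.xx.xx.2
May 11 08:01:29 sshd[9400]: Illegal user admin from xx.xx.xx.2
May 11 08:01:32 sshd[9402]: Illegal user admin from xx.xx.xx.2
May 11 08:01:36 sshd[9404]: Illegal user user from xx.xx.xx.2
May 11 08:01:41 sshd[9408]: Failed password for root from xx.xx.xx.2 port 37249 ssh2
May 11 08:01:44 sshd[9410]: Failed password for root from xx.xx.xx.2 port 37361 ssh2
May 11 08:01:47 sshd[9412]: Failed password for root from xx.xx.xx.2 port 37429 ssh2
May 11 08:01:51 sshd[9415]: Illegal user test from xx.xx.xx.2
"""

# Syslog-style prefix as it appears in the excerpt: "Mon DD HH:MM:SS sshd[PID]: message".
PREFIX_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) sshd\[(\d+)\]: (.*)$")

# Message shapes of interest. Newer sshd writes "Failed password for invalid user X",
# so that prefix is accepted as optional.
MSG_PATTERNS = [
    ("illegal_user", re.compile(r"^Illegal user (\S+) from (\S+)")),
    ("failed_password", re.compile(r"^Failed password for (?:invalid user )?(\S+) from (\S+)")),
    ("no_ident", re.compile(r"^Did not receive identification string from (\S+)")),
]

# Only these count as authentication failures; "no_ident" is recorded as a probe.
AUTH_FAILURES = {"illegal_user", "failed_password"}


def parse_line(line: str, year: int = 2005) -> Optional[dict]:
    """Parse one sshd record; return None for lines that are not of interest.
    `year` is assumed (syslog timestamps carry none); 2005 matches the report's date."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    mon, day, hh, mm, ss, pid, msg = m.groups()
    ts = datetime(year, datetime.strptime(mon, "%b").month, int(day), int(hh), int(mm), int(ss))
    for kind, pat in MSG_PATTERNS:
        pm = pat.match(msg)
        if pm:
            groups = pm.groups()
            user = groups[0] if kind != "no_ident" else None
            return {"ts": ts, "pid": int(pid), "kind": kind, "user": user, "src": groups[-1]}
    return None


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Group auth failures by source and flag a source that produces at least
    `threshold` failures inside any sliding window of `window_seconds`."""
    by_src = defaultdict(list)
    probes = defaultdict(int)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] in AUTH_FAILURES:
            by_src[ev["src"]].append(ev)
        else:
            probes[ev["src"]] += 1

    report = {}
    for src in set(by_src) | set(probes):
        events = sorted(by_src.get(src, []), key=lambda e: e["ts"])
        flagged = False
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span [start, end] fits the window.
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged = True
                break
        report[src] = {
            "failures": len(events),
            "probes": probes.get(src, 0),
            "users": sorted({e["user"] for e in events}),
            "first": events[0]["ts"].isoformat() if events else None,
            "last": events[-1]["ts"].isoformat() if events else None,
            "flagged": flagged,
        }
    return report


if __name__ == "__main__":
    for src, summary in detect_bruteforce(SAMPLE_LOG).items():
        print(src, summary)
```

On the excerpt this yields one source with nine authentication failures in 28 seconds, five distinct usernames tried and one prior identification-string probe, so it is flagged at the default threshold; raising the threshold above the failure count clears the flag, which is the knob to tune against a real host's baseline of legitimate typos. The summary fields (first and last timestamps, usernames, source) are exactly what the report body above conveys in prose and what a CERT needs to correlate with the other side's records.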