> From: "Terrance Dwyer" <[EMAIL PROTECTED]> > Date: Wed, 7 Nov 2001 23:40:38 -0800 > Subject: [cobalt-security] SSH > > Can anyone enlighten me as to the meaning of the following log messages. > I'm seeing them with increasing frequency and can't seem to find info > elsewhere.
Judging by those entries, someone is trying to brute-force their way into your system by username/password guesses. Is the hostname this is coming from always the same? If so, and you have a firewall or are running tcpwrappers, block ssh from that host or network (network would be better, that way if the "hacker" switches IP's you're still covered). In the meantime make sure you don't have unnecessary user accounts on your system and that your passwords don't suck (esp the admin/root passwords). You can also use the 'last' command to see who has successfully logged in recently, just to make sure this person hasn't yet. - Ralph _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
