tags 307585 wontfix
stop

On Wed, 04 May 2005, Anand Kumria wrote:
> Package: logcheck
> Version: 1.2.39
> Severity: wishlist
>
> Hi,
>
> With more and more Internet background radiation, entries like the
> following:
>
> sshd[26955]: Illegal user patrick from ::ffff:64.227.232.25
> sshd[26862]: Failed password for illegal user rolo from ::ffff:64.227.232.25
> port 3396 ssh2
> sshd[26869]: error: Could not get shadow information for NOUSER
>
> are fairly common. It would be good if these log messages were filtered
> out in the server install (there is another set of messages if the user
> actually exists).

well i'm surprised we didn't get a bug report earlier.
logcheck needs to trade between worthwhile messages and not.
the fact that a dict attack to any box is going on is worthwhile to be reported.

one should consider restricting access to ssh to trusted ips either with
tcpwrappers or iptables.
another possibility would be to use the recent module in iptables to reduce
the nr. of new connections to the ssh port.

but i'll leave that open for discussion on logcheck-devel.

--
maks
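
Added example, not part of the original message and not logcheck code: a small Python summarizer that collapses the sshd messages quoted above into one entry per source address, so a dictionary attack is still reported without one line per guess. The function names, the `min_users` threshold and the sample lines (which use documentation addresses) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the two sshd message forms quoted in the report above.
ATTEMPT = re.compile(
    r"sshd\[\d+\]: (?:Illegal user (?P<u1>\S+)"
    r"|Failed password for illegal user (?P<u2>\S+)) from (?P<src>\S+)"
)

def normalize(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped if mapped is not None else ip)

def summarize(lines, min_users=3):
    """Return {source: sorted usernames} for every source that tried at
    least min_users distinct nonexistent accounts (assumed threshold)."""
    tried = defaultdict(set)
    for line in lines:
        m = ATTEMPT.search(line)
        if not m:
            continue  # e.g. the "Could not get shadow information" line
        try:
            src = normalize(m.group("src"))
        except ValueError:
            continue  # source field is a hostname or garbage, skip it
        tried[src].add(m.group("u1") or m.group("u2"))
    return {s: sorted(u) for s, u in tried.items() if len(u) >= min_users}

# Constructed sample lines in the format quoted above (not real log data).
SAMPLE = [
    "sshd[26955]: Illegal user patrick from ::ffff:192.0.2.10",
    "sshd[26862]: Failed password for illegal user patrick from "
    "::ffff:192.0.2.10 port 3396 ssh2",
    "sshd[26869]: error: Could not get shadow information for NOUSER",
    "sshd[26870]: Illegal user rolo from ::ffff:192.0.2.10",
    "sshd[26871]: Illegal user admin from 192.0.2.10",
    "sshd[26880]: Illegal user test from ::ffff:198.51.100.7",
]

if __name__ == "__main__":
    for src, users in summarize(SAMPLE).items():
        print(f"{src}: {len(users)} nonexistent users tried: {', '.join(users)}")
```

The mapped and plain forms of the same address are counted as one source, which matters on hosts where sshd listens on a dual-stack socket.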