Hi Gabor,

Moving sshd off port 22 to any non-standard port worked fine for me. Most
attacks are too lazy to do a full portscan, so if they don't find the
default port open, they just move to the next host. Of course, this is
assuming that the attack chose you at random. If it's a targeted attack,
this won't help very much...

Cheers,

  Rony

-----Original Message-----
From: linux-il-boun...@cs.huji.ac.il [mailto:linux-il-boun...@cs.huji.ac.il]
On Behalf Of Gabor Szabo
Sent: Sunday, January 03, 2010 4:34 PM
To: linux-il
Subject: What to do with a constant flow of attempts to login to my computer?

I just noticed someone bombarding my machine trying to login via ssh.
From auth.log

Jan  3 06:31:48 s6 sshd[22774]: Failed password for invalid user amavisd from 202.138.142.216 port 35172 ssh2
Jan  3 06:31:48 s6 sshd[22773]: Failed password for invalid user clamav from 202.138.142.216 port 39941 ssh2
Jan  3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user unknown
Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan  3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216
Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user unknown
Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan  3 06:31:52 s6 sshd[22780]: Failed password for invalid user clamav from 202.138.142.216 port 35699 ssh2
Jan  3 06:31:52 s6 sshd[22781]: Failed password for invalid user appserver from 202.138.142.216 port 40470 ssh2


So what is your suggestion? What to do with it?

Gabor

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
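
Added example (not part of either message above): a short Python summary of failed sshd password attempts per source address, for log lines in the auth.log format quoted in the thread. The sample lines, addresses, host and user names, and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the auth.log format quoted above
# (documentation-range addresses, hypothetical host and user names).
SAMPLE_LOG = """\
Jan  3 06:31:48 host sshd[101]: Failed password for invalid user amavisd from 192.0.2.10 port 35172 ssh2
Jan  3 06:31:49 host sshd[102]: Invalid user clamav from 192.0.2.10
Jan  3 06:31:49 host sshd[102]: pam_unix(sshd:auth): check pass; user unknown
Jan  3 06:31:52 host sshd[102]: Failed password for invalid user clamav from 192.0.2.10 port 35699 ssh2
Jan  3 06:31:55 host sshd[103]: Failed password for invalid user appserver from 192.0.2.10 port 40470 ssh2
Jan  3 07:02:10 host sshd[110]: Failed password for alice from 198.51.100.7 port 50022 ssh2
Jan  3 07:02:15 host sshd[110]: Accepted password for alice from 198.51.100.7 port 50022 ssh2
"""

# The user name is client-supplied text, so the pattern is anchored on the
# "from <addr> port <n> ssh2" suffix that sshd appends at the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<addr>\S+) port \d+ ssh2$"
)


def summarize_failures(log_text, threshold=3):
    """Return per-address failure stats for sources at or above threshold."""
    stats = defaultdict(lambda: {"failures": 0, "invalid_users": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue  # PAM detail lines, "Invalid user" notices, successes
        entry = stats[m.group("addr")]
        entry["failures"] += 1
        entry["invalid_users"] += bool(m.group("invalid"))
        entry["users"].add(m.group("user"))
    return {
        addr: {**e, "users": sorted(e["users"])}
        for addr, e in stats.items()
        if e["failures"] >= threshold
    }


if __name__ == "__main__":
    for addr, e in summarize_failures(SAMPLE_LOG).items():
        print(addr, e["failures"], "failures;", e["invalid_users"],
              "for nonexistent accounts;", ", ".join(e["users"]))
```

A source that fails repeatedly against account names that do not exist on the host, as in the quoted log, fits the random scanning described in the reply; a single failure followed by a success for a real account does not reach the threshold.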

