I just jumped into the command line and noticed kernel messages for
failed ssh2 login attempts for bogus users. 

Checking my logs it turns out that someone has been trying to hack into
my ADSL connected computer since the 9th with a brute force script
trying different usernames and passwords. 

I've blocked ssh access for the moment. 

Questions: 

(1) Is there some desktop monitoring utility that will immediately
notify me of suspicious behaviour?  I'm rather disturbed that it's taken
me 4 days to notice this. 

(2) Recommendations for log parsing software that monitors suspicious
logs?

(3) Recommended strategies for dealing with break-in attempts like this?
Ban the IPs for a while?

Thanks!



