Re: [newbie] Re: FYI - ssh security

Bryan Phinney Mon, 27 Dec 2004 16:08:32 -0800

Output from BFD:

The remote system 63.203.221.245 was found to have exceeded acceptable login 
failures on system.my.domain. As such the attacking host has been banned from 
further accessing this system; for the integrity of your host you should 
investigate this event as soon as possible.


The following are event logs for exceeded login failures from 63.203.221.245 
on service sshd (all time stamps are GMT -0500):
----
- Executed actions:
/sbin/shorewall drop 63.203.221.245

- Log events from /var/log/messages:
Dec 27 18:07:23 hostname sshd[9060]: Invalid user test from 63.203.221.245
Dec 27 18:07:23 hostname sshd[9060]: Failed password for invalid user test 
from 63.203.221.245 port 55692 ssh2
Dec 27 18:07:25 hostname sshd[9065]: Invalid user guest from 63.203.221.245
Dec 27 18:07:25 hostname sshd[9065]: Failed password for invalid user guest 
from 63.203.221.245 port 55753 ssh2
Dec 27 18:07:26 hostname sshd[9071]: Invalid user admin from 63.203.221.245
Dec 27 18:07:26 hostname sshd[9071]: Failed password for invalid user admin 
from 63.203.221.245 port 55809 ssh2
Dec 27 18:07:28 hostname sshd[9076]: Invalid user admin from 63.203.221.245
Dec 27 18:07:28 hostname sshd[9076]: Failed password for invalid user admin 
from 63.203.221.245 port 55868 ssh2
Dec 27 18:07:29 hostname sshd[9081]: Invalid user user from 63.203.221.245
Dec 27 18:07:29 hostname sshd[9081]: Failed password for invalid user user 
from 63.203.221.245 port 55932 ssh2
Dec 27 18:07:31 hostname sshd[9086]: Failed password for invalid user root 
from 63.203.221.245 port 55992 ssh2
Dec 27 18:07:32 hostname sshd[9091]: Failed password for invalid user root 
from 63.203.221.245 port 56055 ssh2
Dec 27 18:07:34 hostname sshd[9096]: Failed password for invalid user root 
from 63.203.221.245 port 56120 ssh2
Dec 27 18:07:35 hostname sshd[9101]: Invalid user test from 63.203.221.245
Dec 27 18:07:35 hostname sshd[9101]: Failed password for invalid user test 
from 63.203.221.245 port 56177 ssh2
Dec 27 18:08:00 hostname BFD(9112): {sshd} 63.203.221.245 exceeded maximum 
login failures; executed ban command '/sbin/shorewall drop 63.203.221.245'.

-- 
Bryan Phinney

____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

Re: [newbie] Re: FYI - ssh security

Reply via email to