On Sun, 19 Feb 2012, Denis Heidtmann wrote: > I found that on Friday the auth.log shows many (over 300) messages such > as: > > 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE BREAK-IN > ATTEMPT! > Feb 17 16:56:10 R2D4 sshd[2649]: Invalid user rookie from 23.19.81.173 > Feb 17 16:56:16 R2D4 sshd[2651]: reverse mapping checking getaddrinfo > for 23.19.81.173.rdns.ubiquity.io [23.19.81.173] failed - POSSIBLE > BREAK-IN ATTEMPT!
Denis, Almost every morning my ssh logs show cracking attempts: invalid user, bad password, reverse mapping failures, attempts to log in as postfix, dovecot, etc. I ignore them since they all failed. All I look for are ssh logins that succeeded: mine from my portable and my partner when we're sharing data. Some days the log shows tens-of-thousands of attempts by script kiddies using password dictionaries and lists of login names. In 15 years no unauthorized user has cracked our network. Rich _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
