Hey Fil, I too have been getting daily SSH attempts. Running:
grep Illegal /var/log/auth.log usually reveals something like: Sep 20 07:10:32 localhost sshd[7326]: Illegal user test from ::ffff:203.71.62.9 Sep 20 07:10:34 localhost sshd[7328]: Illegal user guest from ::ffff:203.71.62.9 Sep 20 07:10:36 localhost sshd[7330]: Illegal user admin from ::ffff:203.71.62.9 etc According to a friend of mine (he's getting scanned to) it's someone from Japan scanning the Internet for insecure boxes. My guess is that someone has control of a hoard of zombies and is scanning around randomly. As long as you aren't using insecure passwords and you're system is up-to-date there's nothing they can do. Also, I don't recommend allowing root SSH access...make sure you're using sudo instead. nullobject. On Sun, 26 Sep 2004 13:12:46 +1000, Phil Scarratt <[EMAIL PROTECTED]> wrote: > Howdy > > Over the last 3-4 days all machines under my control with public access > have logged attempts by someone(people) to log in via ssh (only port > that is open on the machines). They've tried usernames like test, admin, > root and a half a dozen other generic system usernames. They're using, > in some cases, unresolvable ip addresses, and some of the same ip > addresses pop up on totally unrelated machines. As far as I can tell > they haven't succeeded. > > Anyone else been getting such attacks? Just seems a little odd that all > of a sudden after a long period of silence, someone (peoples) tries now. > > Fil > > -- > ^__^ > / \ F I R E F O X > \ / www.getfirefox.com > \ \___ > \ _/ /| > \ \___/ | > \ / > \_____/ > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
