Brian Henning [EMAIL PROTECTED] wrote:
> Hi Y'all,
> I've been seeing a lot of the following in my logwatch lately:
>
> input_userauth_request: illegal user test
> input_userauth_request: illegal user test
> Failed password for illegal user test from 210.205.6.157 port 51389 ssh2
> Failed password for illegal user test from 210.205.6.157 port 51470 ssh2
> Received disconnect from 210.205.6.157: 11: Bye Bye
> Received disconnect from 210.205.6.157: 11: Bye Bye

Read this thread:
http://seclists.org/lists/incidents/2004/Jul/0065.html

> The source IP will differ from day to day, so I can't just block that
> particular IP at the firewall.. Anyone else getting a lot of this sort of
> breakin-attempt lately? Should I be concerned?

As long as your ssh is nice and patched and you don't have the test or guest accounts, you're set.

Mike
--
"Spare me your space-age technobabble Atilla The Hun!" -- Zapp Brannigan
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
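
A log summarizer for the sshd lines quoted in this thread, as an added example that is not part of the original messages: it tallies failed password attempts per source address and reports which guessed usernames exist locally, the check the reply recommends. The function names, the last two sample log lines and the address 203.0.113.9 are constructed for illustration.

```python
import re
from collections import defaultdict

# Covers the old OpenSSH wording quoted in the thread ("illegal user"),
# the later wording ("invalid user"), and failures against real accounts.
FAILED = re.compile(
    r"Failed password for (?P<bad>(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# First three lines are from the thread; the last two are constructed.
SAMPLE_LOG = """\
Failed password for illegal user test from 210.205.6.157 port 51389 ssh2
Failed password for illegal user test from 210.205.6.157 port 51470 ssh2
Received disconnect from 210.205.6.157: 11: Bye Bye
Failed password for illegal user guest from 203.0.113.9 port 40112 ssh2
Failed password for root from 203.0.113.9 port 40120 ssh2
"""

def summarize(log_text):
    """Return {ip: {"unknown": {user: count}, "existing": {user: count}}}."""
    summary = defaultdict(
        lambda: {"unknown": defaultdict(int), "existing": defaultdict(int)})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # disconnects and other noise
        kind = "unknown" if m.group("bad") else "existing"
        summary[m.group("ip")][kind][m.group("user")] += 1
    return summary

def exposed_accounts(summary, local_users):
    """Guessed names that exist locally: remove them or lock them down."""
    guessed = set()
    for per_ip in summary.values():
        guessed.update(per_ip["unknown"], per_ip["existing"])
    return sorted(guessed & set(local_users))

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, kinds in result.items():
        print(ip, dict(kinds["unknown"]), dict(kinds["existing"]))
    with open("/etc/passwd") as fh:  # assumes a local passwd file
        users = {ln.split(":", 1)[0] for ln in fh if ln.strip()}
    print("guessed names that exist here:", exposed_accounts(result, users))
```

On a real host, pass the contents of the sshd auth log to `summarize` instead of `SAMPLE_LOG`.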
