[TriLUG] Getting, um, probed?
Brian Henning
lugmail at cheetah.dynip.com
Wed Aug 4 20:21:10 EDT 2004
Hi Y'all,
I've been seeing a lot of the following in my logwatch lately:
input_userauth_request: illegal user test
input_userauth_request: illegal user test
Failed password for illegal user test from 210.205.6.157 port 51389 ssh2
Failed password for illegal user test from 210.205.6.157 port 51470 ssh2
Received disconnect from 210.205.6.157: 11: Bye Bye
Received disconnect from 210.205.6.157: 11: Bye Bye
The source IP will differ from day to day, so I can't just block that
particular IP at the firewall.. Anyone else getting a lot of this sort of
breakin-attempt lately? Should I be concerned?
Cheers,
~Brian
More information about the TriLUG
mailing list