[TriLUG] Getting, um, probed?
Jeff Groves
jgroves at krenim.org
Wed Aug 4 21:25:11 EDT 2004
Yeah, I saw two attempts on my server, but since I run a very restrictive /etc/hosts.allow
and /hosts.deny combination they didn't get very far.
I wonder if someone's trying out their openssl vulnerability exploiter a la "US-CERT
Technical Cyber Security Alert TA04-078A -- Multiple Vulnerabilities in OpenSSL".
Here are my log entries:
Aug 1 11:31:54 hoover sshd[24482]: refused connect from ANantes-106-2-2-226.w80-13.abo.wanadoo.fr
Aug 3 07:47:34 hoover sshd[26591]: refused connect from 209.67.60.46
Jeff G.
Brian Henning wrote:
> Hi Y'all,
> I've been seeing a lot of the following in my logwatch lately:
>
> input_userauth_request: illegal user test
> input_userauth_request: illegal user test
> Failed password for illegal user test from 210.205.6.157 port 51389 ssh2
> Failed password for illegal user test from 210.205.6.157 port 51470 ssh2
> Received disconnect from 210.205.6.157: 11: Bye Bye
> Received disconnect from 210.205.6.157: 11: Bye Bye
>
> The source IP will differ from day to day, so I can't just block that
> particular IP at the firewall.. Anyone else getting a lot of this sort of
> breakin-attempt lately? Should I be concerned?
>
> Cheers,
> ~Brian
>
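
One way to tally the two kinds of sshd entries quoted in this thread and to see which guessed usernames arrive from more than one source, which is why a per-IP firewall block does not keep up. This is an added example, not code from either poster; the sample lines, host name and addresses are constructed, and `summarize` and `rotating_usernames` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the two formats quoted in the thread; the host
# name and addresses (documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Aug  1 11:31:54 host1 sshd[1001]: refused connect from 192.0.2.10
Aug  2 03:10:02 host1 sshd[1002]: Failed password for illegal user test from 198.51.100.7 port 51389 ssh2
Aug  2 03:10:05 host1 sshd[1003]: Failed password for illegal user test from 198.51.100.7 port 51470 ssh2
Aug  2 03:10:09 host1 sshd[1004]: Failed password for illegal user guest from 198.51.100.7 port 51502 ssh2
Aug  3 07:47:34 host1 sshd[1005]: Failed password for illegal user test from 203.0.113.25 port 40112 ssh2
Aug  3 07:50:00 host1 sshd[1006]: Accepted password for alice from 192.0.2.44 port 50022 ssh2
Aug  3 08:00:00 host1 sshd[1007]: refused connect from scanner.example.net
"""

PREFIX = r"^\w{3}\s+\d{1,2}\s+[\d:]{8}\s+\S+\s+sshd\[\d+\]:\s+"
# tcp_wrappers rejection (hosts.allow/hosts.deny), logged before any auth.
REFUSED = re.compile(PREFIX + r"refused connect from (?P<src>\S+)$")
# Password guess for a nonexistent account; newer OpenSSH says "invalid user".
FAILED = re.compile(PREFIX + r"Failed password for (?:illegal|invalid) user "
                    r"(?P<user>\S+) from (?P<src>\S+) port \d+")

def summarize(log_text):
    """Return (refused, guesses, sources_by_user) for sshd syslog text."""
    refused = Counter()                 # source -> connections refused by tcp_wrappers
    guesses = Counter()                 # source -> failed guesses at unknown accounts
    sources_by_user = defaultdict(set)  # guessed username -> sources that tried it
    for line in log_text.splitlines():
        m = REFUSED.match(line)
        if m:
            refused[m["src"]] += 1
            continue
        m = FAILED.match(line)
        if m:
            guesses[m["src"]] += 1
            sources_by_user[m["user"]].add(m["src"])
    return refused, guesses, dict(sources_by_user)

def rotating_usernames(sources_by_user):
    """Usernames guessed from more than one source: a per-IP block misses these."""
    return sorted(u for u, srcs in sources_by_user.items() if len(srcs) > 1)

if __name__ == "__main__":
    refused, guesses, by_user = summarize(SAMPLE_LOG)
    print("refused by tcp_wrappers:", dict(refused))
    print("failed guesses per source:", dict(guesses))
    print("usernames tried from several sources:", rotating_usernames(by_user))
```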