brute force ssh attack
Jeff Vian
jvian10 at charter.net
Thu May 5 01:47:07 UTC 2005
On Wed, 2005-05-04 at 18:23 -0700, Daniel B. Thurman wrote:
> Folks,
>
> Seems that I am getting daily brute-force ssl attacks --
> Anything I can or should do?
>
> Here is the System Logs:
> =======================================
> May 4 01:01:50 linux sshd[10438]: Did not receive identification string from ::ffff:194.65.138.98
> May 4 01:04:44 linux sshd[10448]: Illegal user temp from ::ffff:194.65.138.98
> May 4 01:04:57 linux sshd[10448]: Failed password for illegal user temp from ::ffff:194.65.138.98 port 52888 ssh2
snip
> May 4 13:07:04 linux sshd[24906]: Failed password for illegal user admins from ::ffff:209.76.72.12 port 52516 ssh2
> May 4 13:07:04 linux sshd[24908]: Illegal user admins from ::ffff:209.76.72.12
> May 4 13:07:07 linux sshd[24908]: Failed password for illegal user admins from ::ffff:209.76.72.12 port 52610 ssh2
>
I set my firewall to block ssh from everywhere except the few places I
might use for remote access. It drastically cut down the attempts to
get in. I now only get hit from one or 2 IPs a day.
More information about the users
mailing list