[TriLUG] Getting, um, probed?

Brian Henning lugmail at cheetah.dynip.com
Wed Aug 4 20:21:10 EDT 2004


Hi Y'all,
  I've been seeing a lot of the following in my logwatch lately:

input_userauth_request: illegal user test
input_userauth_request: illegal user test
Failed password for illegal user test from 210.205.6.157 port 51389 ssh2
Failed password for illegal user test from 210.205.6.157 port 51470 ssh2
Received disconnect from 210.205.6.157: 11: Bye Bye
Received disconnect from 210.205.6.157: 11: Bye Bye

The source IP will differ from day to day, so I can't just block that
particular IP at the firewall..  Anyone else getting a lot of this sort of
breakin-attempt lately?  Should I be concerned?

Cheers,
~Brian




More information about the TriLUG mailing list