[TriLUG] Getting, um, probed?
Mike Johnson
mike at enoch.org
Wed Aug 4 22:29:09 EDT 2004
Brian Henning [lugmail at cheetah.dynip.com] wrote:
> Hi Y'all,
> I've been seeing a lot of the following in my logwatch lately:
>
> input_userauth_request: illegal user test
> input_userauth_request: illegal user test
> Failed password for illegal user test from 210.205.6.157 port 51389 ssh2
> Failed password for illegal user test from 210.205.6.157 port 51470 ssh2
> Received disconnect from 210.205.6.157: 11: Bye Bye
> Received disconnect from 210.205.6.157: 11: Bye Bye
Read this thread:
http://seclists.org/lists/incidents/2004/Jul/0065.html
> The source IP will differ from day to day, so I can't just block that
> particular IP at the firewall.. Anyone else getting a lot of this sort of
> breakin-attempt lately? Should I be concerned?
As long as your ssh is nice and patched and you don't have the test or
guest accounts, you're set.
Mike
--
"Spare me your space-age technobabble Atilla The Hun!" -- Zapp Brannigan
GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
More information about the TriLUG
mailing list