[TriLUG] list newbie has stuff to give away (gmail type stuff)
Turnpike Man
turnpike420 at yahoo.com
Tue Aug 24 10:49:31 EDT 2004
Strangely enough, I never had those multiple ssh login attempts for nearly 3
years... then my IP address finally changes with RR and I suddenly get them, as
many as 3-4 different attempts each week, whichever IP hits me covers all those
possibles; test, guest, admin and most recently even root showed up. I also
use IPTABLES. I started to wonder if I ended up with an IP on someone's sh*t
list. I've traced all the IPs that have hit me in this manner to China and
Korea. At this point, I'm vigilantly keeping my system updated, and having
faith in linux (b/c I'm not going to turn off ssh). I have never seen the same
IP twice (except on multiple attempts that were logged at the same time).
Another thought I had, when I was originally only seeing test and guest and
admin was some crazy Microsoft based worm was doing it... but when I saw root
attempts most recently, I guess that idea was no good. Currently I'm not
adding these IPs to any blocking, as there are no repeats so far, so what's the
point.
any thoughts from anyone else on this would be interesting to read.
laters,
David M.
ps, I'm already gmailified. :)
--- James Lloyd Beidler <james at layyze.com> wrote:
I'm willing to give one away to
> anyone that can give me a simple and elegant way to automatically block
> IPs of people that make multiple attempts at sshing into my machine
> using accounts that do not exist (ie. test, guest, admin). I use
> IPTABLES ;)
> -James
>
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail
More information about the TriLUG
mailing list