[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] SSH

Rick O'Dell wrote:

	I'm running Postfix on a k12ltsp 4.01. Log Watch for mail logs an
unauthorized user trying to login. It list dozens of passwords they have
tried. I have dumped the Ip address into host deny file, but next day a new
ip address (possibly on a dialup). My question is, what if I disable SSH or
is this a no no??????? What are the adverse effects to me???

I'm not sure I understand the situation, whether unauthorized users are trying to get in via ssh or by talking to Postfix on port 25. But if it's ssh, some friends and I noticed a month or so ago a signficant increase in the number of login attempts with bogus IDs via ssh. Many of the source addresses were from southeast asia, if that matters. We're not sure if some new script kit was making the rounds or what, but to dodge the bullet, and reduce the size of the logging, we all moved sshd to listening on ports other than the default 22. I set some of my boxes to 2322, for example, and virtually all those bogus attempts disappeared.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]