Attempted SSH Logins
Jenkins, Jeremiah
jeremiah.jenkins at neustar.biz
Tue Aug 3 16:31:27 UTC 2004
There are some script kiddies out there running automated attacks. If you
look at your secure log /var/log/secure, you will see that they try for a
few times then move on. if you google on the error message you will find
numerous threads on the subject.
-----Original Message-----
From: Nathaniel Hall [mailto:halln at otc.edu]
Sent: Tuesday, August 03, 2004 12:23 PM
To: redhat-list at redhat.com
Subject: Attempted SSH Logins
Hi all.
I have been monitoring our logs over the past several weeks using logwatch
and have noticed several of these entries (known entries omitted):
sshd:
Invalid Users:
Unknown Account: 5 Time(s)
Authentication Failures:
test (server.bes1.com ): 2 Time(s)
root (server.bes1.com ): 3 Time(s)
unknown (server.bes1.com ): 4 Time(s)
The source addresses vary. I always see the same accounts from different
addresses with a different number of tries. When I see these, there is only
one source, never a mix of sources. The next day, it might be a different
source, but it is the only one.
Is anybody else seeing this in their logs where I shouldn't be as worried or
is this directed at us?
~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-799-0552
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list