Re: CentOS6 - Break in attempt? What is the Exploit?




Gordon Messmer wrote:
>
>> > In other words, the
>> >hostkeys would be identical.
>
> I think what the error indicates is that a client tried to connect to
> SSH, and the host key there did not match the fingerprint in the
> client's "known_hosts" database.
>
>> >It seems to me that someone attempted an ssh connection while spoofing
>> >our internal address.  Is such a thing even possible? If so then how
>> >does it work?
>
> In the situation as you've described it, probably not.
>
> It would be best to go to your logs themselves for the full log entry
> and context, rather than relying on a report that summarizes log entries.

Looks like someone trying to break in. You *are* running fail2ban, are you
not? If not, you need to install and fire it up, now.

I see a *lot* of this... but then, I work for a US gov't federal
contractor (civilian sector), and let me assure you, I get tired of all
the attempts from China, Brazil, and other places trying to ssh in - it
really clutters my logfiles.

         mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


