Strange SSH login try.




On Mar 13, 2006, at 6:43 AM, Dominik Składanowski wrote:

> Hello list.
>
> Today I saw something strange in the logs of one of my servers. Part of
> /var/log/security:
>
> Mar 12 15:01:03 server sshd[28505]: Invalid user abc from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28503]: Invalid user ab from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28507]: Invalid user abcd from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28509]: Invalid user abcde from ::ffff:x.x.x.x
> Mar 12 15:01:03 server sshd[28511]: Invalid user abcdef from ::ffff:x.x.x.x
> Mar 12 15:01:04 server sshd[28515]: Invalid user abcdefgh from ::ffff:x.x.x.x
> Mar 12 15:01:04 server sshd[28513]: Invalid user abcdefg from ::ffff:x.x.x.x
>
> "abcdefgh" is my username on a different machine in another
> domain; x.x.x.x is my workstation. Yesterday, I logged into the machine
> where my login is "abcdefgh" from x.x.x.x. But not to the "server".
>
> Does anybody have an idea?

looks like a dictionary attack to me; i get these all the time,  
sometimes with sufficient intensity that they crash my gateway router  
(boo!).  these have been discussed recently on-list:

1) consider running sshd on a nonstandard port to dodge the bulk of this
2) consider using port knocking (i think i remember apf being one  
suggested package)
3) make sure you haven't enabled ssh login for any of the generic  
account names they use, and make sure your passwords are strong

-steve

---
If this were played upon a stage now, I could condemn it as an  
improbable fiction. - Fabian, Twelfth Night, III,v
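
A log check for the pattern in the excerpt above, as an added example that is not part of the original thread: it groups sshd "Invalid user" lines by source, flags a source that tries many distinct names inside a short window, and reports whether those names are all prefixes of one name, as they are in the quoted log. The sample lines, the 60-second window, the threshold of 5 names and the `year` argument are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the page's log format; 192.0.2.10 and 198.51.100.7
# are documentation addresses standing in for the masked x.x.x.x.
SAMPLE_LOG = """\
Mar 12 15:01:03 server sshd[28505]: Invalid user abc from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28503]: Invalid user ab from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28507]: Invalid user abcd from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28509]: Invalid user abcde from ::ffff:192.0.2.10
Mar 12 15:01:03 server sshd[28511]: Invalid user abcdef from ::ffff:192.0.2.10
Mar 12 15:01:04 server sshd[28515]: Invalid user abcdefgh from ::ffff:192.0.2.10
Mar 12 15:01:04 server sshd[28513]: Invalid user abcdefg from ::ffff:192.0.2.10
Mar 12 16:20:11 server sshd[29001]: Invalid user test from ::ffff:198.51.100.7
"""
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
                     r"Invalid user (\S+)\s+from (\S+)$")

def parse(log_text, year=2006):
    """Yield (timestamp, user, source) for each 'Invalid user' line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # syslog omits the year, so the caller supplies it (assumption)
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            # a dual-stack sshd logs IPv4 peers as ::ffff:a.b.c.d
            yield ts, m[2], re.sub(r"^::ffff:", "", m[3], flags=re.I)

def find_bursts(events, window=timedelta(seconds=60), min_users=5):
    """Map each source that tried >= min_users distinct invalid names inside
    one sliding window to the names seen and whether they share one stem."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    findings = {}
    for src, items in by_src.items():
        items.sort()
        start, best = 0, set()
        for end, (ts, _) in enumerate(items):
            while ts - items[start][0] > window:
                start += 1
            best = max(best, {u for _, u in items[start:end + 1]}, key=len)
        if len(best) >= min_users:
            longest = max(best, key=len)
            findings[src] = {"users": sorted(best, key=lambda u: (len(u), u)),
                             # True when every name is a prefix of the longest
                             "prefix_chain": all(longest.startswith(u) for u in best)}
    return findings
```

Calling `find_bursts(parse(text))` on the contents of the auth log returns one entry per flagged source; lines that are not "Invalid user" records are skipped.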

