Strange SSH login try.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> > Today I saw something strange in logs one of my servers. Part of the
> > /var/log/security:
> >
> > [ ... ]
> >
> > "abcdefgh" is my username to the different machine in the other
> > domain, x.x.x.x it's my workstation. Yesterday, I loged into machine
> > where my login is "abcdefgh" from x.x.x.x. But not to the "server".
> >
> > Anybody has an idea?
>
> looks like a dictionary attack to me; i get these all the time,
> sometimes with sufficient intensity that they crash my gateway router
> (boo!).  these have been discussed recently on-list:
>
> 1) consider running sshd on a nonstandard port to dodge the bulk of this

SSH on "server" is moved from port 22.

> 2) consider using port knocking (i think i remember apf being one
> suggested package)
> 3) make sure you haven't enabled ssh login for any of the generic
> accountnames they use, and make sure your passwords are strong

As I remember, I tried to log to server where my username is
"abcdefgh" using Konqueror and sftp protocol and I couldn't. Today it
works.

Regards.
--
_________________________________________________________________
                         D o m i n i k    S k ? a d a n o w s k i

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux