There are some script kiddies out there running automated attacks. If you look at your secure log, /var/log/secure, you will see that they try a few times then move on. If you google on the error message you will find numerous threads on the subject.

-----Original Message-----
From: Nathaniel Hall [mailto:halln@xxxxxxx]
Sent: Tuesday, August 03, 2004 12:23 PM
To: redhat-list@xxxxxxxxxx
Subject: Attempted SSH Logins

Hi all.

I have been monitoring our logs over the past several weeks using logwatch and have noticed several of these entries (known entries omitted):

sshd:
   Invalid Users:
      Unknown Account: 5 Time(s)
   Authentication Failures:
      test (server.bes1.com ): 2 Time(s)
      root (server.bes1.com ): 3 Time(s)
      unknown (server.bes1.com ): 4 Time(s)

The source addresses vary. I always see the same accounts from different addresses with a different number of tries. When I see these, there is only one source, never a mix of sources. The next day, it might be a different source, but it is the only one.

Is anybody else seeing this in their logs where I shouldn't be as worried or is this directed at us?

~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln@xxxxxxx
417-799-0552

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
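The check both messages describe, grouping failed SSH logins in /var/log/secure by day and source address, can be scripted. The following is an added example, not code from either poster: it assumes the "Failed password for ... from ..." line format that OpenSSH writes via syslog, the function names are hypothetical, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import defaultdict

# sshd "Failed password" lines as they appear in /var/log/secure.
# Older OpenSSH releases write "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+)\s+\S+\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE = """\
Aug  2 03:11:01 server sshd[2101]: Failed password for illegal user test from 192.0.2.10 port 4301 ssh2
Aug  2 03:11:04 server sshd[2103]: Failed password for root from 192.0.2.10 port 4302 ssh2
Aug  2 03:11:07 server sshd[2105]: Failed password for root from 192.0.2.10 port 4303 ssh2
Aug  2 09:30:12 server sshd[2290]: Accepted password for alice from 203.0.113.20 port 5100 ssh2
Aug  3 01:45:30 server sshd[3011]: Failed password for illegal user test from 198.51.100.7 port 3900 ssh2
Aug  3 01:45:33 server sshd[3013]: Failed password for root from 198.51.100.7 port 3901 ssh2
Aug  4 02:10:00 server sshd[4001]: Failed password for root from 203.0.113.5 port 4100 ssh2
Aug  4 14:22:19 server sshd[4150]: Failed password for illegal user admin from 192.0.2.10 port 4400 ssh2
"""


def summarize(lines):
    """Return {day: {source: {user: failure_count}}} for failed logins."""
    report = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in lines:
        m = FAILED.match(line)
        if m:
            day = " ".join(m.group("day").split())  # "Aug  2" -> "Aug 2"
            report[day][m.group("src")][m.group("user")] += 1
    return report


def single_source_days(report):
    """Days on which every failed login came from one address."""
    return sorted(day for day, srcs in report.items() if len(srcs) == 1)


if __name__ == "__main__":
    rep = summarize(SAMPLE.splitlines())
    for day in sorted(rep):
        for src, users in rep[day].items():
            print(day, src, sum(users.values()), "failures", dict(users))
    print("single-source days:", single_source_days(rep))
```

To run it against a real log, pass an open file handle for /var/log/secure to summarize() in place of the sample lines.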