Re: Attempted SSH Logins

If you do a dig -x, and then check some of the websites, you see that a lot of these are coming out of Korea and China. I've had the same attempts on my systems and got curious. Some were coming from the Chemistry department of one of the Universities in China.

Also, one of the accounts being tried here is "guest", which is a common Microsoft account. Makes me wonder if they aren't looking to hack Windows systems.

-Bob

Jenkins, Jeremiah wrote:

There are some script kiddies out there running automated attacks.  If you
look at your secure log /var/log/secure, you will see that they try for a
few times then move on.  If you google on the error message you will find
numerous threads on the subject.

-----Original Message-----
From: Nathaniel Hall [mailto:halln@xxxxxxx]
Sent: Tuesday, August 03, 2004 12:23 PM
To: redhat-list@xxxxxxxxxx
Subject: Attempted SSH Logins


Hi all.



I have been monitoring our logs over the past several weeks using logwatch
and have noticed several of these entries (known entries omitted):



sshd:
  Invalid Users:
     Unknown Account: 5 Time(s)
  Authentication Failures:
     test (server.bes1.com ): 2 Time(s)
     root (server.bes1.com ): 3 Time(s)
     unknown (server.bes1.com ): 4 Time(s)



The source addresses vary.  I always see the same accounts from different
addresses with a different number of tries.  When I see these, there is only
one source, never a mix of sources.  The next day, it might be a different
source, but it is the only one.



Is anybody else seeing this in their logs where I shouldn't be as worried or
is this directed at us?





~~~~~~~~~~~~~~~~~~~~~~~~~~

Nathaniel Hall

Intrusion Detection and Firewall Technician

Ozarks Technical Community College -- Office of Computer Networking



halln@xxxxxxx

417-799-0552







--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
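
Added example, not part of any message in this thread: it groups sshd "Failed password" lines by day and source address, which is the check behind the "one source per day, a few accounts, then they move on" observation above. The log lines are constructed samples in the /var/log/secure format using documentation addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sshd writes to /var/log/secure.
# Addresses are from the documentation ranges, not real sources.
SAMPLE_LOG = """\
Aug  3 04:11:02 server sshd[2101]: Failed password for invalid user test from 192.0.2.10 port 40112 ssh2
Aug  3 04:11:05 server sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40117 ssh2
Aug  3 04:11:09 server sshd[2105]: Failed password for root from 192.0.2.10 port 40121 ssh2
Aug  3 04:11:12 server sshd[2107]: Failed password for invalid user guest from 192.0.2.10 port 40125 ssh2
Aug  3 09:30:41 server sshd[2450]: Accepted password for alice from 198.51.100.7 port 51514 ssh2
Aug  4 02:47:30 server sshd[3012]: Failed password for invalid user test from 203.0.113.44 port 33810 ssh2
Aug  4 02:47:34 server sshd[3014]: Failed password for root from 203.0.113.44 port 33815 ssh2
"""

# The username is supplied by the client, so it is matched greedily and the
# source address is anchored to the end of the line; a name containing
# " from 10.0.0.1 port 1" then cannot forge the source field.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>.+) from (?P<src>\S+) "
    r"port \d+(?: ssh\d)?$"
)


def summarize(log_text):
    """Return {day: {source: {account: failed_attempts}}}."""
    per_day = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            day = " ".join(m["day"].split())  # "Aug  3" -> "Aug 3"
            per_day[day][m["src"]][m["user"]] += 1
    return {d: {s: dict(u) for s, u in srcs.items()} for d, srcs in per_day.items()}


def single_source_days(summary):
    """Days on which every failed login came from one source address."""
    return sorted(day for day, srcs in summary.items() if len(srcs) == 1)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for day, sources in summary.items():
        for src, accounts in sources.items():
            tried = ", ".join(f"{u} x{n}" for u, n in sorted(accounts.items()))
            print(f"{day}  {src}  {sum(accounts.values())} failures  [{tried}]")
    print("single-source days:", single_source_days(summary))
```

To run it against a real log, pass the contents of /var/log/secure to `summarize()` in place of `SAMPLE_LOG`.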
