Re: Repeated attacks via SSH
Tod McQuillin wrote:
> What happens is that there are two kinds of messages from ssh in
> /var/log/auth.log. When an attacker tries a nonexistent user, you get
>
> Oct 2 13:00:03 plexi sshd[79194]: Illegal user bob from 83.142.49.11
>
> When an attacker tries an existing user, you get
>
> Oct 2 13:01:47 plexi sshd[79286]: Failed password for www from
> 83.142.49.11 port 42480 ssh2
I happen to see different entries in my daily security run output:
Failed password for illegal user qscand from 217.20.119.212 port 50657 ssh2
So I guess I am noticed about both kinds of attacks.
By the way, does anyone of you see a threat in disclosing this kind of
log output to the network abuse departments of the corresponding
hosters? Often, I encounter intrusion attempts from rented servers where
there is an authority above the abuser able to step in.
And --on an unrelated matter-- funny to see that we even have trolls
here. :)
Cheers
Clemens
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 14 之 23 篇):