Someone is doing a lot of dictionary attacks over ssh. Found this in my
logs.
Nov 18 19:11:36 tower1 sshd[15507]: Failed password for illegal user
home from 217.222.89.228 port 52073 ssh2
Nov 18 19:11:39 tower1 sshd[15510]: Failed password for ftp from
217.222.89.228 port 52257 ssh2
Nov 18 19:11:39 tower1 sshd[15509]: Failed password for ftp from
217.222.89.228 port 52257 ssh2
Nov 18 19:11:41 tower1 sshd[15512]: Failed password for root from
217.222.89.228 port 52449 ssh2
Nov 18 19:11:41 tower1 sshd[15511]: Failed password for root from
217.222.89.228 port 52449 ssh2
Nov 18 19:11:44 tower1 sshd[15514]: Failed password for root from
217.222.89.228 port 52653 ssh2
Nov 18 19:11:44 tower1 sshd[15513]: Failed password for root from
217.222.89.228 port 52653 ssh2
Nov 18 19:11:47 tower1 sshd[15515]: Illegal user router from
217.222.89.228
Nov 18 19:11:47 tower1 sshd[15516]: input_userauth_request: illegal user
router
Nov 18 19:11:47 tower1 sshd[15515]: Failed password for illegal user
router from 217.222.89.228 port 52851 ssh2
Nov 18 19:11:50 tower1 sshd[15518]: Failed password for games from
217.222.89.228 port 53068 ssh2
Nov 18 19:11:50 tower1 sshd[15517]: Failed password for games from
217.222.89.228 port 53068 ssh2
Did some research and posted that on my website.
www.digitaloverload.net
This is the reason I switched to public key authentication.
-- Damien Hull <dhull@digitaloverload.net> --------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.Received on Fri Nov 19 12:57:15 2004
This archive was generated by hypermail 2.1.8 : Fri Nov 19 2004 - 12:57:16 AKST