> > Some questions:
> >
> > - Anyone else getting this?
> >
> > - Wouldn't these connections just get dumped because their forward
> > and reverse addresses don't match?
> >
> > - Does anyone recognize these usernames?

Yeah, I have had this before from multiple IPs. It seems to be a similar script to the ones earlier using test and admin, with an expanded username list. It also seems to me that they are system names, variations of system names, and/or possible names that a user may use to run a service.

The safest bet for this is to make sure that any user in /etc/passwd and /etc/shadow that doesn't need SSH has their shell set to nologin, and also to make sure that FTP is disabled for them. Make sure all your users have secure passwords. Hard to do, I understand.

I even get them on a dynamic IP at home, well, not lately since I installed the FW/router, so it's not a targeted attack.

--
Mike Ramirez <mike@xxxxxxxxxxxxxx>
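One way to check a host against the advice in the message above, as an added example that is not part of the original post: it joins passwd and shadow entries and lists every account that still has a login shell, with the state of its password field. The function names, the status labels and the rule that a shell ending in `nologin` or `false` counts as non-login are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: list accounts that still have a login shell, with the state
# of their password field, so service accounts can be moved to nologin.

# Constructed sample data in /etc/passwd and /etc/shadow format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mysql:x:105:110:MySQL Server:/var/lib/mysql:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
ftp:x:106:111:ftp daemon:/srv/ftp:/bin/false
test:x:1001:1001::/home/test:'
SAMPLE_SHADOW='root:$6$constructed$hashA:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
mysql:!:19000:0:99999:7:::
backup:$6$constructed$hashB:19000:0:99999:7:::
alice:$6$constructed$hashC:19000:0:99999:7:::
ftp:*:19000:0:99999:7:::
test::19000:0:99999:7:::'

audit_logins() {  # usage: audit_logins PASSWD_FILE SHADOW_FILE
  awk -F: '
    FILENAME == ARGV[1] { pw[$1] = $2; next }   # first file: shadow
    {
      # An empty shell field in passwd means the default shell, /bin/sh.
      shell = ($7 == "") ? "/bin/sh" : $7
      if (shell ~ /\/(nologin|false)$/) next    # assumed non-login shells
      if (!($1 in pw))            st = "no-shadow-entry"
      else if (pw[$1] == "")      st = "EMPTY-PASSWORD"
      else if (pw[$1] ~ /^[!*]/)  st = "password-locked"
      else                        st = "password-set"
      print $1, shell, st
    }' "$2" "$1"
}

audit_sample() {  # run the audit over the constructed sample data
  d=$(mktemp -d) || return 1
  printf '%s\n' "$SAMPLE_PASSWD" > "$d/passwd"
  printf '%s\n' "$SAMPLE_SHADOW" > "$d/shadow"
  audit_logins "$d/passwd" "$d/shadow"
  rm -rf "$d"
}

audit_sample
```

On a real host, `audit_logins /etc/passwd /etc/shadow` needs root to read the shadow file. A `password-locked` account with a login shell can still be reached with an SSH key, so it belongs on the list of accounts to review.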