On Jul 24, 2004 at 06:48, Thomas Sapp in a soothing rage wrote: >On Sat, 2004-07-24 at 06:28, Edwin Dicker wrote: >> The last two days i got bugged by someone from korea and someone from japan. >> his is what i find in my LogWatch : >> --------------------- SSHD Begin ------------------------ >> >> >> Failed logins from these: >> guest/password from ::ffff:211.119.136.170: 1 Time(s) >> test/password from ::ffff:211.119.136.170: 1 Time(s) >> >> Illegal users from these: >> guest/none from ::ffff:211.119.136.170: 1 Time(s) >> guest/password from ::ffff:211.119.136.170: 1 Time(s) >> test/none from ::ffff:211.119.136.170: 1 Time(s) >> test/password from ::ffff:211.119.136.170: 1 Time(s) >> >> is this a known hack attempt by some sort of program ? because for both >> tries the same usernames have been tried to use : guest and test >> >> cheers >> Edwin >I have seen a lot of this lately too. I've just started blocking each >individual IP address as it comes up so they can't try again. I've noticed these too. I do a $IPT -A INPUT -s 192.168.52.0/24 -p tcp --syn --destination-port 22 -j ACCEPT instead. This will only ssh packets for machines that are on my local network. I have a duplicate rule for work machines that I connect from. All other traffic gets dropped. Telnet is not running on any of my machines. N.Emile... -- Registered Linux User # 125653 (http://counter.li.org) Switch to: http://www.speakeasy.net/refer/190653 Love means nothing to a tennis player. 11:52:01 up 26 days, 5:07, 4 users, load average: 0.00, 0.00, 0.00
