On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
> >>On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng@xxxxxxx> wrote:
> >
> >>This was in my logs last night at 11.56pm.
> >
> >
> >Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from
> >::ffff:69.59.166.236 port 41532 ssh2
> >Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from
> >::ffff:69.59.166.236 port 41714 ssh2
> >
> >Seems to be coming from San Francisco...
> >
> >
> The fact that a user and password is getting flagged indicates that the
> hacker is getting past your /etc/hosts.deny file. I keep my ssh access
> shut down except for IP address ranges I am expecting. I realize this is
> not possible in all cases, but stopping the hacker before they get a login
> prompt is in my opinion a preferred situation.

Yeah, but you may as well firewall the world. This seems to be
everywhere.

And one such place is at the building I'll start guarding this Wed
starting at 2200-0600. It's a large black piece of telecommunications
equipment. I just happened to see the label when on the orientation
tour.

I told the bank liaison, "You're gonna think I'm the biggest geek you've
ever met, but there's an attack on this equipment right now."

He looked at me, uncomprehendingly, like cows at a passing train.

I really hate being on the outside...

-- 
------------------------------------------------------------------------
Brian Fahrländer              Christian, Conservative, and Technomad
Evansville, IN                             http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------
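
Added example, not part of the original messages: a small Python summarizer for the sshd failure lines quoted in the thread. It folds the `::ffff:` IPv4-mapped form into plain IPv4 and flags sources that try several nonexistent accounts. The function names, the threshold and every sample line after the first two are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# sshd failure line as quoted in the thread; newer OpenSSH says "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def normalize(addr):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4 for grouping."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr  # not an address literal; keep the raw field
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def summarize(lines):
    """Per source: failed attempts, plus nonexistent vs. existing names tried."""
    stats = defaultdict(lambda: {"attempts": 0, "unknown": set(), "known": set()})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        entry = stats[normalize(m.group("src"))]
        entry["attempts"] += 1
        entry["unknown" if m.group("bad") else "known"].add(m.group("user"))
    return dict(stats)

def suspects(stats, min_unknown=2):
    """Sources that guessed at least min_unknown distinct nonexistent accounts."""
    return sorted(s for s, e in stats.items() if len(e["unknown"]) >= min_unknown)

# First two lines are from the thread (re-joined); the rest are constructed.
SAMPLE = [
    "Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from ::ffff:69.59.166.236 port 41532 ssh2",
    "Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from ::ffff:69.59.166.236 port 41714 ssh2",
    "Aug 2 08:02:10 ciscy sshd[27101]: Failed password for alice from 192.0.2.10 port 50022 ssh2",
    "Aug 2 08:02:19 ciscy sshd[27101]: Accepted password for alice from 192.0.2.10 port 50022 ssh2",
    "Aug 2 09:15:44 ciscy sshd[27210]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2",
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for src in suspects(report):
        print(src, report[src]["attempts"], sorted(report[src]["unknown"]))
```

A single mistyped password for a real account (the constructed `alice` line) is counted but not flagged, since only guesses at nonexistent usernames feed the threshold.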