On 08/02/2004 05:57 PM, Brian Fahrlander wrote:
On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng@xxxxxxx> wrote:
This was in my logs last night at 11.56pm.
Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from ::ffff:69.59.166.236 port 41532 ssh2
Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from ::ffff:69.59.166.236 port 41714 ssh2
Seems to be coming from San Francisco...
The fact that a user and password is getting flagged indicates that the
hacker is getting past your /etc/hosts.deny file. I keep my ssh access
shut down except for IP address ranges I am expecting. I realize this is
not possible in all cases, but stopping the hacker before they get a login
prompt is in my opinion a preferred situation.
Yeah, but you may as well firewall the world. This seems to be
everywhere.
So use hosts.allow instead, and specify the few particular hosts that
are allowed to attempt to connect. Everyone else will be summarily
rejected. (Firewalling the world is not a bad option, either).
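
An added example, not part of the original thread: a short Python script that parses sshd failure lines like the ones quoted above, unwraps the IPv4-mapped source address, and reports which sources fall outside a hosts.allow-style list of permitted networks. The 192.0.2.0/24 allowlist, the function names and the last two sample log lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# First two lines are the ones quoted in the thread; the last two are constructed.
SAMPLE_LOG = [
    "Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from ::ffff:69.59.166.236 port 41532 ssh2",
    "Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from ::ffff:69.59.166.236 port 41714 ssh2",
    "Aug 2 09:14:02 ciscy sshd[27101]: Failed password for alice from ::ffff:192.0.2.10 port 50112 ssh2",
    "Aug 2 09:14:09 ciscy sshd[27101]: Accepted password for alice from ::ffff:192.0.2.10 port 50112 ssh2",
]

# "illegal user" is the wording in the quoted log; "invalid user" is accepted as well.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) "
    r"from (?P<addr>\S+) port \d+"
)

def source_ip(addr):
    """Parse the logged address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def summarize(lines, allowed_nets):
    """Count failed logins per source and mark sources outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    counts, users = Counter(), {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # not a failed-password line (e.g. "Accepted password")
        try:
            ip = source_ip(m.group("addr"))
        except ValueError:
            continue  # source logged as a hostname or otherwise unparseable
        counts[ip] += 1
        users.setdefault(ip, set()).add(m.group("user"))
    return [
        {"ip": str(ip), "failures": n, "users": sorted(users[ip]),
         "allowed": any(ip.version == net.version and ip in net for net in nets)}
        for ip, n in counts.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, ["192.0.2.0/24"]):  # constructed allowlist
        print(row)
```

Sources reported with `allowed: False` are the ones a hosts.allow restricted to the listed networks would reject before a password prompt is offered.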