On Wed, 04 Aug 2004 11:03:33 -0400, Matt Morgan <matt.morgan-fedora-list@xxxxxxxxxxxxxxxxxx> wrote:
> On 08/02/2004 05:57 PM, Brian Fahrlander wrote:
>
> >On Mon, 2004-08-02 at 16:01, STYMA, ROBERT E (ROBERT) wrote:
> >
> >>>>On Mon, 02 Aug 2004 12:21:01 -0700, Ow Mun Heng <Ow.Mun.Heng@xxxxxxx> wrote:
> >>>>
> >>>>This was in my logs last night at 11.56pm.
> >>>>
> >>>Aug 2 03:21:18 ciscy sshd[27030]: Failed password for illegal user test from
> >>>::ffff:69.59.166.236 port 41532 ssh2
> >>>Aug 2 03:21:21 ciscy sshd[27032]: Failed password for illegal user guest from
> >>>::ffff:69.59.166.236 port 41714 ssh2
> >>>
> >>>Seems to be coming from San Francisco...
> >>>
> >>The fact that a user and password is getting flagged indicates that the
> >>hacker is getting past your /etc/hosts.deny file. I keep my ssh access
> >>shut down except for IP address ranges I am expecting. I realize this is
> >>not possible in all cases, but stopping the hacker before they get a login
> >>prompt is in my opinion a preferred situation.
> >>
> >
> > Yeah, but you may as well firewall the world. This seems to be
> >everywhere.
> >
> So use hosts.allow instead, and specify the few particular hosts that
> are allowed to attempt to connect. Everyone else will be summarily
> rejected. (Firewalling the world is not a bad option, either).
>

Take a look at this.
http://www.dshield.org/port_report.php?port=22&recax=1&tarax=2&srcax=2&percent=N&days=70&Redraw=