On 12/25/05, Gerald <gwichman@xxxxxxxxx> wrote: > It looks like i'm getting a dictionary attack on my system. I moved > ssh to another port instead of 22 in hopes that would put a halt to it > but it did not. Any recommendations to improve security here? I notice > these attacks come from a variety of IP's so pursuing one individual > is probably not worthwhile. > > [root@corona ~]# tail /var/log/secure > Dec 25 17:51:09 corona sshd[24704]: Failed password for invalid user > turid from ::ffff:203.115.124.116 port 38370 ssh2 > Dec 25 17:51:12 corona sshd[24707]: Invalid user turnage from > ::ffff:203.115.124.116 > Dec 25 17:51:14 corona sshd[24707]: Failed password for invalid user > turnage from ::ffff:203.115.124.116 port 38886 ssh2 > Dec 25 17:51:18 corona sshd[24710]: Invalid user turnbough from > ::ffff:203.115.124.116 > Dec 25 17:51:20 corona sshd[24710]: Failed password for invalid user > turnbough from ::ffff:203.115.124.116 port 39397 ssh2 > Dec 25 17:51:22 corona sshd[24713]: Invalid user turner from > ::ffff:203.115.124.116 > Dec 25 17:51:25 corona sshd[24713]: Failed password for invalid user > turner from ::ffff:203.115.124.116 port 40228 ssh2 > Dec 25 17:51:27 corona sshd[24716]: Invalid user tursun from > ::ffff:203.115.124.116 > Dec 25 17:51:30 corona sshd[24716]: Failed password for invalid user > tursun from ::ffff:203.115.124.116 port 40714 ssh2 > Dec 25 21:20:46 corona sshd[24897]: Accepted password for root from > ::ffff:10.1.1.17 port 4500 ssh2 > [root@corona ~]# > > > -- > -Gerald > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > Gerald, You might want to look into changing your sshd so it accepts keyed access only. Just learning ssh myself so I'm sketchy on details. John Purser
