> Right this moment someone is trying to hack into THIS system. The > Internet traffic shows me this. I am growing tired of the ssh thing > since I'm a desktop user. This never needs ssh. I think I will turn it off. > > > Karl F. Larsen, AKA K5DI I echo what you and others have said. If you aren't using it, turn it off. You will continually see such traffic in your logs when hosting a service on a default port. There are always script kiddies out there sweeping a range of IPs with their cracking tools. You won't notice the good ones because they will be slow and methodical. I had SSH activated for a while on a box because I needed remote access to administer the web server (I was hosting a pretty basic site for some elementary school kids - kid friendly links). I wrote a couple of scripts to carve out offending traffic in my logs and tag a standard paragraph to it advising the IP owner of malicious traffic originating from their network. Some responded (most did) thanking me for advising them and stating that they would look into it. Usually another infected machine as was pointed out in this thread. Much like if someone was able to compromise your box and then use it to initiate attacks against other systems. Your ISP would come to you telling you that they will take you off the grid until you correct the problem. Jacques B.
