Security Incidents mailing list archives
SSH probes?
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sun, 9 May 2004 22:04:30 +0530
I got about 61 of these in my logs before I turned sshd off. This looks like a brute force attempt at getting a login. May 9 21:35:03 evita sshd(pam_unix)[16332]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20 user=ftp May 9 21:35:10 evita sshd(pam_unix)[16374]: check pass; user unknown May 9 21:35:10 evita sshd(pam_unix)[16374]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=211.216.53.20 May 9 21:35:16 evita sshd(pam_unix)[16375]: check pass; user unknown Anyone else seeing events like this? The box is patched, up to date and still uncompromised. Timezone is UTC +0530 and synchronised to ntp. Devdas Bhagat --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- SSH probes? Devdas Bhagat (May 10)
- RE: SSH probes? Jerry Shenk (May 10)
- Re: SSH probes? iglope (May 12)
- Re: SSH probes? Valdis . Kletnieks (May 12)
- Re: SSH probes? Klaus Lichtenwalder (May 12)
- Re: SSH probes? Valdis . Kletnieks (May 12)