Re: Is this normal?

[xyberpix <xyberpix () xyberpix com>]

I'd say setup verbose logging on SSHD, and see what they're trying to
do, may shed some light onto the subject. If you need any help with this
let me know.

xyberpix


On Thu, 2004-10-21 at 18:48, Erlend Lorentzen wrote:
> Hi
>
> I'm not very experienced with this sort of thing so please bear with me.
> The following concerns my Slackware 9.1 NAT/Firewall protecting my Home
> LAN from the Internet.
>
> Checking my logs today I was a bit surprised to find about 80 refused
> connection attempts to my sshd during the last month like:
> Oct  7 21:22:27 firewall sshd[9710]: refused connect from
> xxx.xxx.xxx.xxx
>
> I did reverse lookups on the IP's with dig and found that the attemts
> originated from a variety of hosts from Italy, Polen, Russia, Sweden and
> Pakistan to name but a few.
>
> One particular host had tried connecting 19 times with just a few
> seconds between tries (is he/she just trying different commonly used
> passwords?)
>
> Now to my questions:
> Is this Normal?
> Should I be concerned?
> Any security tips, suggestions, thoughts? (I update regularly with
> swaret (SlackwareTool), use strong random passwords, tcp wrappers)
> Anyone know a good guide to hardening Slackware?
> Anything else you'd like to mention?
>
> Thanks, your help is much appreciated!
>
> Best regards Erlend.
-- 
For Security and Open Source news:
http://xyberpix.demon.co.uk

Attachment: signature.asc
Description: This is a digitally signed message part