[CLUE-Tech] ssh attempts
jim feldman
jmf at jim-liesl.org
Thu Oct 28 15:07:02 MDT 2004
Just a script kiddie looking for a ssh server with easy to guess passwords.
It's "goin' around"
I always configure public ssh ports to only accept PKI with passphrase
encrypted keys (two part auth)
Depending on your "pipe" this can be a bit of a DoS till the
Sh**ForBrains moves on to it's next victim.
Date: Thu, 28 Oct 2004 09:34:57 -0600
From: Mike <lister-clue at gantsfort.com>
To: clue-tech at clue.denver.co.us
Subject: [CLUE-Tech] possible breakin attempt
Reply-To: clue-tech at clue.denver.co.us
Can anyone shed light on these messages in /var/log/auth.log:
Aug 30 12:46:50 mg2 sshd[10555]: reverse mapping checking getaddrinfo
for ip-202-147-54-103.asianetcom.net failed - POSSIBLE BREAKIN ATTEMPT!
There were 9 such messages on Aug 30th and 107 on Oct 9th.
What are they trying to exploit?
ckrootkit and rkhunter found nothing. What else I should check?
Thanks,
Mike
More information about the clue-tech
mailing list