Attempted SSH Logins

From: Nathaniel Hall (halln_at_otc.edu)
Date: 08/03/04

  • Next message: James Marcinek: "Fwd: MORE SSH Hacking: heads-up Re: SSH ATTEMPTS"
    To: <redhat-list@redhat.com>
    Date: Tue, 3 Aug 2004 11:22:50 -0500
    
    

    Hi all.

     

    I have been monitoring our logs over the past several weeks using logwatch
    and have noticed several of these entries (known entries omitted):

     

    sshd:

       Invalid Users:

          Unknown Account: 5 Time(s)

       Authentication Failures:

          test (server.bes1.com ): 2 Time(s)

          root (server.bes1.com ): 3 Time(s)

          unknown (server.bes1.com ): 4 Time(s)

     

    The source addresses vary. I always see the same accounts from different
    addresses with a different number of tries. When I see these, there is only
    one source, never a mix of sources. The next day, it might be a different
    source, but it is the only one.

     

    Is anybody else seeing this in their logs where I shouldn't be as worried or
    is this directed at us?

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    Nathaniel Hall

    Intrusion Detection and Firewall Technician

    Ozarks Technical Community College -- Office of Computer Networking

     

    halln@otc.edu

    417-799-0552

     

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
    

  • Next message: James Marcinek: "Fwd: MORE SSH Hacking: heads-up Re: SSH ATTEMPTS"