What to do with a constant flow of attempts to login to my compuet?

Sun Jan 3 16:46:11 IST 2010

Hi Gabor,

Moving sshd off  port 22 to any non-standard port worked fine for me. Most
attacks are too lazy to do a full portscan, so if they don't find the
default port open, they just move to the next host. Of course, this is
assuming that the attack chose you at random. If it's a targeted attack,
this won't help very much...

Cheers,

  Rony

-----Original Message-----
From: linux-il-bounces at cs.huji.ac.il [mailto:linux-il-bounces at cs.huji.ac.il]
On Behalf Of Gabor Szabo
Sent: Sunday, January 03, 2010 4:34 PM
To: linux-il
Subject: What to do with a constant flow of attempts to login to my compuet?

I just noticed someone bombarding my machine trying to login via ssh.
>>From auth.log

Jan  3 06:31:48 s6 sshd[22774]: Failed password for invalid user
amavisd from 202.138.142.216 port 35172 ssh2
Jan  3 06:31:48 s6 sshd[22773]: Failed password for invalid user
clamav from 202.138.142.216 port 39941 ssh2
Jan  3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user
unknown
Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan  3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216
Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user
unknown
Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
Jan  3 06:31:52 s6 sshd[22780]: Failed password for invalid user
clamav from 202.138.142.216 port 35699 ssh2
Jan  3 06:31:52 s6 sshd[22781]: Failed password for invalid user
appserver from 202.138.142.216 port 40470 ssh2

So what is your suggestion. What to do with it?

Gabor

_______________________________________________
Linux-il mailing list
Linux-il at cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il