[Techtalk] 216 ssh login attempts, what to do?
evilpig at gmail.com
Tue Oct 12 21:54:07 EST 2004
On Tue, 12 Oct 2004 19:39:27 -0700, Raquel Rice <raquel at thericehouse.net> wrote:
> My SSH runs on port 22 also. The attempts are found in auth.log. I
> assume "whoever" is trying to find something open? Some weakness?
Is it possible that what you're seeing in your auth.log is the source
port rather than the destination port? That could explain the
random/high port numbers.
A sampling from my auth.log:
sshd: Failed password for root from 220.127.116.11 port 52662 ssh2
sshd: Failed password for root from 18.104.22.168 port 54573 ssh2
sshd: Failed password for www-data from 22.214.171.124 port 37127 ssh2
sshd: Failed password for operator from 126.96.36.199 port 39448 ssh2
sshd: Failed password for irc from 188.8.131.52 port 42665 ssh2
sshd: Failed password for irc from 184.108.40.206 port 44427 ssh2
Is that what you're referring to, or something else entirely? If your
sshd is only listening on port 22, it would be really odd for sshd to
be logging anything incoming on any other port.
Sorry if I'm missing something obvious here.
More information about the Techtalk