[Techtalk] 216 ssh login attempts, what to do?
Colleen Hatfield
evilpig at gmail.com
Tue Oct 12 21:54:07 EST 2004
On Tue, 12 Oct 2004 19:39:27 -0700, Raquel Rice <raquel at thericehouse.net> wrote:
> My SSH runs on port 22 also. The attempts are found in auth.log. I
> assume "whoever" is trying to find something open? Some weakness?
Is it possible that what you're seeing in your auth.log is the source
port rather than the destination port? That could explain the
random/high port numbers.
A sampling from my auth.log:
sshd[21516]: Failed password for root from 211.248.38.252 port 52662 ssh2
sshd[21518]: Failed password for root from 211.248.38.252 port 54573 ssh2
sshd[21542]: Failed password for www-data from 211.248.38.252 port 37127 ssh2
sshd[21546]: Failed password for operator from 211.248.38.252 port 39448 ssh2
sshd[21552]: Failed password for irc from 211.248.38.252 port 42665 ssh2
sshd[21554]: Failed password for irc from 211.248.38.252 port 44427 ssh2
Is that what you're referring to, or something else entirely? If your
sshd is only listening on port 22, it would be really odd for sshd to
be logging anything incoming on any other port.
Sorry if I'm missing something obvious here.
- Colleen
More information about the Techtalk
mailing list