[Techtalk] 216 ssh login attempts, what to do?
Raquel Rice
raquel at thericehouse.net
Tue Oct 12 21:22:42 EST 2004
On Tue, 12 Oct 2004 21:54:07 -0500
Colleen Hatfield <evilpig at gmail.com> wrote:
> On Tue, 12 Oct 2004 19:39:27 -0700, Raquel Rice
> <raquel at thericehouse.net> wrote:
> > My SSH runs on port 22 also. The attempts are found in
> > auth.log. I assume "whoever" is trying to find something open?
> > Some weakness?
>
> Is it possible that what you're seeing in your auth.log is the
> source port rather than the destination port? That could explain
> the random/high port numbers.
>
> A sampling from my auth.log:
> sshd[21516]: Failed password for root from 211.248.38.252 port
> 52662 ssh2 sshd[21518]: Failed password for root from
> 211.248.38.252 port 54573 ssh2 sshd[21542]: Failed password for
> www-data from 211.248.38.252 port 37127 ssh2 sshd[21546]: Failed
> password for operator from 211.248.38.252 port 39448 ssh2
> sshd[21552]: Failed password for irc from 211.248.38.252 port
> 42665 ssh2 sshd[21554]: Failed password for irc from
> 211.248.38.252 port 44427 ssh2
>
> Is that what you're referring to, or something else entirely? If
> your sshd is only listening on port 22, it would be really odd for
> sshd to be logging anything incoming on any other port.
>
> Sorry if I'm missing something obvious here.
>
> - Colleen
That's what I was seeing. I guess I didn't realize that was the
source port. I thought some bozo was being stupid. Thanks for the
"hint". ;-)
--
Raquel
============================================================
Don't be afraid to give your best to what seemingly are small jobs.
Every time you conquer one it makes you that much stronger. If you
do the little jobs well, the big ones tend to take care of
themselves.
--Dale Carnegie
More information about the Techtalk
mailing list