[Techtalk] 216 ssh login attempts, what to do?

Raquel Rice raquel at thericehouse.net
Tue Oct 12 21:22:42 EST 2004

On Tue, 12 Oct 2004 21:54:07 -0500
Colleen Hatfield <evilpig at gmail.com> wrote:

> On Tue, 12 Oct 2004 19:39:27 -0700, Raquel Rice
> <raquel at thericehouse.net> wrote:
> > My SSH runs on port 22 also.  The attempts are found in
> > auth.log.  I assume "whoever" is trying to find something open? 
> > Some weakness?
> Is it possible that what you're seeing in your auth.log is the
> source port rather than the destination port?  That could explain
> the random/high port numbers.
> A sampling from my auth.log:
> sshd[21516]: Failed password for root from port
> 52662 ssh2 sshd[21518]: Failed password for root from
> port 54573 ssh2 sshd[21542]: Failed password for
> www-data from port 37127 ssh2 sshd[21546]: Failed
> password for operator from port 39448 ssh2
> sshd[21552]: Failed password for irc from port
> 42665 ssh2 sshd[21554]: Failed password for irc from
> port 44427 ssh2
> Is that what you're referring to, or something else entirely?  If
> your sshd is only listening on port 22, it would be really odd for
> sshd to be logging anything incoming on any other port.
> Sorry if I'm missing something obvious here.
> - Colleen

That's what I was seeing.  I guess I didn't realize that was the
source port.  I thought some bozo was being stupid.  Thanks for the
"hint".  ;-)

Don't be afraid to give your best to what seemingly are small jobs.
Every time you conquer one it makes you that much stronger. If you
do the little jobs well, the big ones tend to take care of
  --Dale Carnegie

More information about the Techtalk mailing list