[Techtalk] 216 ssh login attempts, what to do?

Colleen Hatfield evilpig at gmail.com
Tue Oct 12 23:57:15 EST 2004


On Tue, 12 Oct 2004 21:22:42 -0700, Raquel Rice <raquel at thericehouse.net> wrote:
> That's what I was seeing.  I guess I didn't realize that was the source port. 

IMO it would be nice if the logging were a bit clearer about that. 
Especially since it's a security service and most people will probably
watch it a bit more closely than most of their other daemons.

> I thought some bozo was being stupid.

I think you're 100% accurate on that point - the description of
"stupid bozo" is pretty right on for those who are running these
scans.  Of course, the same could be said for those who get
compromised because they allow their www-data user to login via ssh
(with a weak password, no less).  So it seems that stupid bozos abound
on both sides, or it wouldn't be worth it to scan like this in the
first place. ;-D

- Colleen


More information about the Techtalk mailing list