Note to LEAF users on ssh logins

Matthew Dillon dillon at apollo.backplane.com
Wed Mar 2 19:24:13 PST 2005


    Leaf and, in fact, all of my machines which have open ssh ports are getting
    random hack attempts, about 20-30 a day in short bursts, usually from a
    different IP address each day.  I talked with a few sysop friends and
    their boxes are getting similar traffic.  The hack attempts primarily
    try to ssh to root, admin, and a bunch of microsoft-soundy names.  It looks
    fairly coordinated, like it is trying a couple of passwords a each day
    then trying again with different passwords the next day.

    While none of my machines allow passworded logins over ssh (especially
    not for root), and LEAF accounts are all '*'d out (key only logins),
    I am rather disquieted by the continuous attempts so I have written and
    intalled a little program to monitor the syslog which will automatically
    block failed password or illegal user login attempts. 

    It isn't very refined yet so if you find yourself locked out of leaf
    send me an email!

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>





More information about the Users mailing list