Note to LEAF users on ssh logins
Matthew Dillon
dillon at apollo.backplane.com
Wed Mar 2 19:24:13 PST 2005
Leaf and, in fact, all of my machines which have open ssh ports are getting
random hack attempts, about 20-30 a day in short bursts, usually from a
different IP address each day. I talked with a few sysop friends and
their boxes are getting similar traffic. The hack attempts primarily
try to ssh to root, admin, and a bunch of microsoft-soundy names. It looks
fairly coordinated, like it is trying a couple of passwords a each day
then trying again with different passwords the next day.
While none of my machines allow passworded logins over ssh (especially
not for root), and LEAF accounts are all '*'d out (key only logins),
I am rather disquieted by the continuous attempts so I have written and
intalled a little program to monitor the syslog which will automatically
block failed password or illegal user login attempts.
It isn't very refined yet so if you find yourself locked out of leaf
send me an email!
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Users
mailing list