--On Monday, August 15, 2005 1:00 PM -0400 Tim Holmes <tholmes at mcaschool.net> wrote: > How did you detect this / track this, I have ssh open to the net for > remote access, and I would like to learn how to detect / defend this > kind of thing Monster logwatch reports showing the password search in /var/log/secure.