Petre Scheie petre at maltzen.net
Wed Oct 6 02:45:43 UTC 2004

Rick O'Dell wrote:

>	I'm running Postfix on a k12ltsp 4.01. Log Watch for mail logs an
>unauthorized user trying to log in. It lists dozens of passwords they have
>tried. I have dumped the IP address into host deny file, but next day a new
>IP address (possibly on a dialup). My question is, what if I disable SSH or
>is this a no no??????? What are the adverse effects to me???
I'm not sure I understand the situation, whether unauthorized users are 
trying to get in via ssh or by talking to Postfix on port 25.  But if 
it's ssh, some friends and I noticed a month or so ago a significant 
increase in the number of login attempts with bogus IDs via ssh.  Many 
of the source addresses were from Southeast Asia, if that matters.  
We're not sure if some new script kit was making the rounds or what, but 
to dodge the bullet, and reduce the size of the logging, we all moved 
sshd to listening on ports other than the default 22.  I set some of my 
boxes to 2322, for example, and virtually all those bogus attempts 


