[K12OSN] SSH
Petre Scheie
petre at maltzen.net
Wed Oct 6 02:45:43 UTC 2004
Rick O'Dell wrote:
> I'm running Postfix on a k12ltsp 4.01. Log Watch for mail logs an
>unauthorized user trying to login. It list dozens of passwords they have
>tried. I have dumped the Ip address into host deny file, but next day a new
>ip address (possibly on a dialup). My question is, what if I disable SSH or
>is this a no no??????? What are the adverse effects to me???
>
>
>
I'm not sure I understand the situation, whether unauthorized users are
trying to get in via ssh or by talking to Postfix on port 25. But if
it's ssh, some friends and I noticed a month or so ago a signficant
increase in the number of login attempts with bogus IDs via ssh. Many
of the source addresses were from southeast asia, if that matters.
We're not sure if some new script kit was making the rounds or what, but
to dodge the bullet, and reduce the size of the logging, we all moved
sshd to listening on ports other than the default 22. I set some of my
boxes to 2322, for example, and virtually all those bogus attempts
disappeared.
Petre
More information about the K12OSN
mailing list