Attempted SSH Logins
Nathaniel Hall
halln at otc.edu
Tue Aug 3 16:22:50 UTC 2004
Hi all.
I have been monitoring our logs over the past several weeks using logwatch
and have noticed several of these entries (known entries omitted):
sshd:
Invalid Users:
Unknown Account: 5 Time(s)
Authentication Failures:
test (server.bes1.com ): 2 Time(s)
root (server.bes1.com ): 3 Time(s)
unknown (server.bes1.com ): 4 Time(s)
The source addresses vary. I always see the same accounts from different
addresses with a different number of tries. When I see these, there is only
one source, never a mix of sources. The next day, it might be a different
source, but it is the only one.
Is anybody else seeing this in their logs where I shouldn't be as worried or
is this directed at us?
~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-799-0552
More information about the redhat-list
mailing list