How to display IP of ssh user in message?

Nathaniel Hall halln at otc.edu
Wed Apr 27 17:59:05 UTC 2005



I have also noticed a large number of attempts from machines in
ThePlanet.com's address range.  Since we are a school, I eventually just
blocked every address of theirs at our firewall to prevent anything from
getting through.  Be careful though because I have had to unblock about
10 IP addresses that are in their range that we needed access to.  I
have contacted the company by e-mail and phone and have never received a
response.

Yes, I understand they are a large datacenter that lets its users use
their IP addresses, but since I had several attempts and nobody ever
contacted me (4 separate e-mails) I blocked them.

I do recommend contacting the company if you continue having problems.
If you have questions about how to contact them, let me know and I can
try to help you.

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln at otc.edu
417-447-7535
GPG Public Key ID: 0xAC187312


Ryan Golhar wrote:
| Hi all,
|
| I notice in our logs that we get a large amount of failed attempts to
| log in.  Short of blocking these domains using iptables, I was wondering
| if there is a way to display the IP address of the user logging in, in a
| message so they know we have their IP address?
|
| sshd:
|    Invalid Users:
|       Unknown Account: 602 Time(s)
|    Authentication Failures:
|       xfs (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
|       root (nitrogen.umdnj.edu ): 1 Time(s)
|       root (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
|       unknown (138.67-18-71.reverse.theplanet.com ): 595 Time(s)
|       unknown (218.153.147.92 ): 6 Time(s)
|       daemon (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
|       root (218.153.147.92 ): 3 Time(s)
|       rpc (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
|       unknown (10.136.16.244 ): 1 Time(s)
|       smmsp (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
|
|
|
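
An added example, not part of the original message: a small Python triage of the logwatch sshd summary quoted above, which totals failures per source and lists block candidates while skipping internal addresses and an allowlist, so that needed hosts are not caught by a broad block. The threshold, the allowlist entry and the function names are assumptions made for illustration; the report lines are an excerpt of the quoted output.

```python
import ipaddress
import re
from collections import Counter

# Excerpt of the logwatch report quoted in the message above.
REPORT = """\
sshd:
   Invalid Users:
      Unknown Account: 602 Time(s)
   Authentication Failures:
      xfs (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
      root (nitrogen.umdnj.edu ): 1 Time(s)
      unknown (138.67-18-71.reverse.theplanet.com ): 595 Time(s)
      unknown (218.153.147.92 ): 6 Time(s)
      root (218.153.147.92 ): 3 Time(s)
      unknown (10.136.16.244 ): 1 Time(s)
"""

# Matches "user (source ): N Time(s)"; summary lines without a source do not match.
LINE = re.compile(r"^\s*(\S+) \((\S+)\s*\): (\d+) Time\(s\)\s*$")

def failures_by_source(report):
    """Sum failed-login counts per source across all attempted user names."""
    totals = Counter()
    for line in report.splitlines():
        m = LINE.match(line.lstrip("| "))  # tolerate mail quote markers
        if m:
            totals[m.group(2)] += int(m.group(3))
    return totals

def is_internal(source):
    """True for private-range IP literals, which a perimeter block should skip."""
    try:
        return ipaddress.ip_address(source).is_private
    except ValueError:
        return False  # a host name, not an IP literal

def block_candidates(totals, threshold, allowlist=()):
    """Sources at or above threshold, minus internal and allowlisted ones."""
    out = []
    for source, count in totals.most_common():
        if count < threshold or is_internal(source):
            continue
        if any(source == a or source.endswith("." + a) for a in allowlist):
            continue  # hypothetical allowlist of domains that must stay reachable
        out.append((source, count))
    return out

if __name__ == "__main__":
    totals = failures_by_source(REPORT)
    for source, count in block_candidates(totals, 5, allowlist=("umdnj.edu",)):
        print(f"{count:5d}  {source}")
```
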




More information about the redhat-list mailing list