How to display IP of ssh user in message?
Nathaniel Hall
halln at otc.edu
Wed Apr 27 17:59:05 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have also noticed a large number of attempts from machines in
ThePlanet.coms address range. Since we are a school, I eventually just
blocked every address of theirs at our firewall to prevent anything from
getting through. Be careful though because I have had to unblock about
10 IP addresses that are in their range that we needed access to. I
have contacted the company by e-mail and phone and have never received a
response.
Yes, I understand they are a large datacenter that lets is users use
their IP addresses, but since I had several attempts and nobody every
contacted me (4 separate e-mails) I blocked them.
I do recommend contacting the company if you continue having problems.
If you have questions about how to contact them, let me know and I can
try to help you.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-447-7535
GPG Public Key ID: 0xAC187312
Ryan Golhar wrote:
| Hi all,
|
| I notice in our logs that we get a large amount of failed attempts to
| log in. Short of blocking these domains using iptables, I was wondering
| if there is a way to display the IP address of the user logging in, in a
| message so they know we have their IP address?
|
| sshd:
| Invalid Users:
| Unknown Account: 602 Time(s)
| Authentication Failures:
| xfs (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
| root (nitrogen.umdnj.edu ): 1 Time(s)
| root (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
| unknown (138.67-18-71.reverse.theplanet.com ): 595 Time(s)
| unknown (218.153.147.92 ): 6 Time(s)
| daemon (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
| root (218.153.147.92 ): 3 Time(s)
| rpc (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
| unknown (10.136.16.244 ): 1 Time(s)
| smmsp (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQFCb9Lpc+QrUawYcxIRAmMoAJ4uel28YyJeZ2exO2O+y6lxOjrJQgCeLmuG
8xKSkQNsvGmJCihJibwFr0s=
=feEc
-----END PGP SIGNATURE-----
More information about the redhat-list
mailing list