[ILUG] Am I being persecuted?
Timothy Murphy
tim at birdsnest.maths.tcd.ie
Tue Oct 19 12:57:22 IST 2004
I was shocked when I looked at /var/log/secure.1 on my machine yesterday,
and I saw a large number (about 20 per day) of entries like this:
=========================================
Oct 15 23:49:42 alfred sshd[26028]: Failed password for illegal user iceuser
from 200.55.41.105 port 42540 ssh2
Oct 15 23:49:49 alfred sshd[26032]: Illegal user horde from 200.55.41.105
Oct 15 23:49:51 alfred sshd[26032]: Failed password for illegal user horde
from 200.55.41.105 port 42638 ssh2
Oct 15 23:49:59 alfred sshd[26036]: Illegal user cyrus from 200.55.41.105
=========================================
(I didn't even know this logfile existed until my filesystem filled up
and I had to find what was causing it)
Are these really nasty people who should be sent to Guantanamo Bay?
Or are they just harmless computer science students?
Will they be able to get past my filewall?
(I'm running the standard shorewall setup.)
According to "whois 200.55.41.105" these guys are in Argentina.
Is that true?
What is the best way to find out?
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
More information about the ILUG
mailing list