[ILUG] Am I being persecuted?
tim at birdsnest.maths.tcd.ie
Tue Oct 19 12:57:22 IST 2004
I was shocked when I looked at /var/log/secure.1 on my machine yesterday,
and I saw a large number (about 20 per day) of entries like this:
Oct 15 23:49:42 alfred sshd: Failed password for illegal user iceuser
from 18.104.22.168 port 42540 ssh2
Oct 15 23:49:49 alfred sshd: Illegal user horde from 22.214.171.124
Oct 15 23:49:51 alfred sshd: Failed password for illegal user horde
from 126.96.36.199 port 42638 ssh2
Oct 15 23:49:59 alfred sshd: Illegal user cyrus from 188.8.131.52
(I didn't even know this logfile existed until my filesystem filled up
and I had to find what was causing it)
Are these really nasty people who should be sent to Guantanamo Bay?
Or are they just harmless computer science students?
Will they be able to get past my filewall?
(I'm running the standard shorewall setup.)
According to "whois 184.108.40.206" these guys are in Argentina.
Is that true?
What is the best way to find out?
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
More information about the ILUG