[ILUG] Breakins attempted - advice please
John Kinsella
John.Kinsella at ul.ie
Wed Aug 27 12:03:51 IST 2008
Hi,
no flames please!
I'm being regularly subjected to what appear to auth.log (and me) to be
attempted breakins on my office desktop machine (Ubuntu Hearty Heron
with Firestarter firewall)
e.g.
==============8<===========
Aug 27 11:56:18 jkcray sshd[15664]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.78.212.68 user=root
Aug 27 11:56:20 jkcray sshd[15664]: Failed password for root from
200.78.212.68 port 34256 ssh2
Aug 27 11:56:22 jkcray sshd[15666]: reverse mapping checking getaddrinfo
for na-200-78-212-68.na.avantel.net.mx [200.78.212.68] failed - POSSIBLE
BREAK-IN ATTEMPT!
Aug 27 11:56:22 jkcray sshd[15666]: Invalid user magazine from 200.78.212.68
Aug 27 11:56:22 jkcray sshd[15666]: pam_unix(sshd:auth): check pass;
user unknown
Aug 27 11:56:22 jkcray sshd[15666]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.78.212.68
Aug 27 11:56:24 jkcray sshd[15666]: Failed password for invalid user
magazine from 200.78.212.68 port 34486 ssh2
==============8<===========
I'd like to keep sshd running so I can log in from home.
Other than changine firewall settings to block all but my ISP's IP
addresses for access via ssh is there anything else that I should be
looking at?
Thanks
John
--
John A. Kinsella Ph: +353-61-202148 (Direct)
+353-61-333644 x 2148 (Switch)
Mathematics Dept. e-mail: John.Kinsella at ul.ie
University of Limerick FAX: +353-61-334927
IRELAND Web: http://jkcray.maths.ul.ie
More information about the ILUG
mailing list