
Comment: Noticed It (Score 1) 203

by cheese-cube (#27551903) Attached to: The Low-Intensity, Brute-Force Zombies Are Back
I noticed this last night when lwatch just started spewing out failed authentication attempts. One point that I don't really see mentioned is that they will try a wide variety of different usernames. A snippet from auth.log:

Apr 12 23:16:27 host sshd[523]: Address 202.42.66.11 maps to changi.aglow.com.sg, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 23:16:27 host sshd[523]: Invalid user warpuser from 202.42.66.11
Apr 12 23:16:27 host sshd[523]: pam_unix(sshd:auth): check pass; user unknown
Apr 12 23:16:27 host sshd[523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.42.66.11
Apr 12 23:16:29 host sshd[523]: Failed password for invalid user warpuser from 202.42.66.11 port 58502 ssh2
Apr 12 23:16:32 host sshd[525]: Address 202.42.66.11 maps to changi.aglow.com.sg, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 23:16:32 host sshd[525]: Invalid user fwadmin from 202.42.66.11
Apr 12 23:16:32 host sshd[525]: pam_unix(sshd:auth): check pass; user unknown
Apr 12 23:16:32 host sshd[525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.42.66.11
Apr 12 23:16:35 host sshd[525]: Failed password for invalid user fwadmin from 202.42.66.11 port 58869 ssh2
Apr 12 23:16:38 host sshd[535]: Address 202.42.66.11 maps to changi.aglow.com.sg, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Apr 12 23:16:38 host sshd[535]: Invalid user mailadm from 202.42.66.11
Apr 12 23:16:38 host sshd[535]: pam_unix(sshd:auth): check pass; user unknown
Apr 12 23:16:38 host sshd[535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.42.66.11
Apr 12 23:16:40 host sshd[535]: Failed password for invalid user mailadm from 202.42.66.11 port 59272 ssh2

An easy method to out-smart them that has been mentioned before is to simply change the SSH port.
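
One way to flag the pattern in the log snippet above, a single source cycling through many non-existent usernames, written as an added example that is not part of the original comment. The sample lines are constructed (documentation-range IP addresses), and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# sshd's "Invalid user <name> from <ip>" line; newer sshd versions append
# " port <n>", which is accepted but not required.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?$"
)

def username_spray_sources(lines, min_distinct=3):
    """Return {ip: sorted usernames} for every source that tried at least
    min_distinct different non-existent usernames (threshold is an assumption)."""
    seen = defaultdict(set)
    for line in lines:
        m = INVALID_USER.search(line.rstrip())
        if m:
            # A set keeps repeats of one name from inflating the count, so a
            # real user retyping a misspelled login does not look like a spray.
            seen[m.group("ip")].add(m.group("user"))
    return {ip: sorted(users) for ip, users in seen.items()
            if len(users) >= min_distinct}

# Constructed sample input in the auth.log format shown above.
SAMPLE = """\
Apr 12 23:16:27 host sshd[523]: Invalid user warpuser from 203.0.113.11
Apr 12 23:16:29 host sshd[523]: Failed password for invalid user warpuser from 203.0.113.11 port 58502 ssh2
Apr 12 23:16:32 host sshd[525]: Invalid user fwadmin from 203.0.113.11
Apr 12 23:16:35 host sshd[525]: Failed password for invalid user fwadmin from 203.0.113.11 port 58869 ssh2
Apr 12 23:16:38 host sshd[535]: Invalid user mailadm from 203.0.113.11
Apr 12 23:17:02 host sshd[540]: Invalid user alcie from 198.51.100.7
Apr 12 23:17:09 host sshd[541]: Invalid user alcie from 198.51.100.7 port 40112
""".splitlines()

if __name__ == "__main__":
    for ip, users in username_spray_sources(SAMPLE).items():
        print(f"{ip}: {len(users)} distinct invalid usernames: {', '.join(users)}")
```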
