[NBLUG/talk] I'm getting ssh scanned! Should I be worried?
Ron Wickersham
rjw at alembic.com
Mon Oct 4 12:55:45 PDT 2004
hi Dave,
those of us who read logs for enjoyment and entertainment ;-) see this
(and a lot more) all the time. interestingly, the "test" username
seems more recent, don't remember it from more than a year or two ago.
but failed attempts means that the pasword didn't 'pass' and so you're
ok.
when someone actually gets in, most often they erase the logs. thus,
so long as you see unsuccessful attempts that usually means everything
is ok.
i concurr that the frequency of this activity has increased a lot in
the past 6 months.
-ron
--
/~\ The ASCII Ribbon Campaign
\ / No HTML/RTF in email
X No Word docs in email
/ \ Respect for open standards
On Mon, 4 Oct 2004, Dave Sisley wrote:
> Date: Mon, 4 Oct 2004 12:40:58 -0700
> From: Dave Sisley <dsisley at arczip.com>
> To: NBLUG <talk at nblug.org>
> Subject: [NBLUG/talk] I'm getting ssh scanned! Should I be worried?
>
> Hello, fellow NBLUGgers:
>
> I'm (sadly) pretty clueless when it comes to security, and I've been
> thinking a long while that it's time I get off the pot and learn some
> more about it. I'm _really_ curious now, because my logwatch reports
> (which I can barely understand) indicate that there have been numerous
> attempts by "outsiders" to log into my box via ssh (see below for
> excerpts from a recent logwatch report).
---snip---
More information about the talk
mailing list