[Sussex] unauthorised ssh attempts

Tony Austin tony at gigaday.com
Fri Aug 20 09:18:29 UTC 2004


>  From: Tony Austin [mailto:tony at gigaday.com]
>  Subject: [Sussex] unauthorised ssh attempts
>
>> I have noticed quite a few of these in my logfiles:-
>>
>> current:Aug 20 06:30:54 [sshd] Failed password for illegal user test
> from
>> 222.99.91.173 port 47112 ssh2
>> current:Aug 20 06:30:57 [sshd] Failed password for illegal user guest
> from
>> 222.99.91.173 port 47189 ssh2
>> current:Aug 20 06:31:00 [sshd] Failed password for illegal user admin
> from
>> 222.99.91.173 port 47263 ssh2
>> current:Aug 20 06:31:02 [sshd] Failed password for illegal user admin
> from
>> 222.99.91.173 port 47334 ssh2
>> current:Aug 20 06:31:05 [sshd] Failed password for illegal user user
> from
>> 222.99.91.173 port 47406 ssh2
>> current:Aug 20 06:31:08 [sshd] Failed password for root from
> 222.99.91.173
>> port 47473 ssh2
>> current:Aug 20 06:31:10 [sshd] Failed password for root from
> 222.99.91.173
>> port 47549 ssh2
>> current:Aug 20 06:31:13 [sshd] Failed password for root from
> 222.99.91.173
>> port 47625 ssh2
>>
>> Can someone explain the significance of the port numbers?  I have port
> 22
>> open for ssh plus 25 and a couple for vnc, but everything else is
> blocked
>> at the firewall and yet my server seems to be rejecting login attempts
> on
>> other ports because of incorrect usernames and passwords.
>>
>>
>
> if you firewall blocks anything other then this could it be possible
> that something else on the network is doing this or rerouting somehow?
>

Don't thnk so as this has happened at times when all my other machine are
turned off.

> Ps. that messages is still a lot better then seeing that some one
> managed to login that you don't know about.
>

True, but why would sshd think that these other port numbers are being used?

> Gareth Ablett
> Systems Developer
>
> ITP Services Ltd.
> http://www.itpserve.co.uk/
>
> ------------------------------------------------------------------------
> The recipient acknowledges that ITP Services Ltd is unable to control
> the content of information in transmitting mail and attachments over the
> Internet. ITP Services Ltd makes no warranty as to the quality,
> accuracy and content of information contained in or with this message.
> In
> reading, opening or receiving this e-mail the recipient accepts full
> responsibility for its content and attachments.
>
> _______________________________________________
> Sussex mailing list
> Sussex at mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/sussex
>


Regards.

Tony Austin
Gigaday Computing Limited
http://www.gigaday.com
tony at gigaday.com





More information about the Sussex mailing list