[Sussex] unauthorised ssh attempts
Gareth Ablett
Gareth.Ablett at itpserve.co.uk
Fri Aug 20 08:54:50 UTC 2004
From: Tony Austin [mailto:tony at gigaday.com]
Subject: [Sussex] unauthorised ssh attempts
> I have noticed quite a few of these in my logfiles:-
>
> current:Aug 20 06:30:54 [sshd] Failed password for illegal user test
from
> 222.99.91.173 port 47112 ssh2
> current:Aug 20 06:30:57 [sshd] Failed password for illegal user guest
from
> 222.99.91.173 port 47189 ssh2
> current:Aug 20 06:31:00 [sshd] Failed password for illegal user admin
from
> 222.99.91.173 port 47263 ssh2
> current:Aug 20 06:31:02 [sshd] Failed password for illegal user admin
from
> 222.99.91.173 port 47334 ssh2
> current:Aug 20 06:31:05 [sshd] Failed password for illegal user user
from
> 222.99.91.173 port 47406 ssh2
> current:Aug 20 06:31:08 [sshd] Failed password for root from
222.99.91.173
> port 47473 ssh2
> current:Aug 20 06:31:10 [sshd] Failed password for root from
222.99.91.173
> port 47549 ssh2
> current:Aug 20 06:31:13 [sshd] Failed password for root from
222.99.91.173
> port 47625 ssh2
>
> Can someone explain the significance of the port numbers? I have port
22
> open for ssh plus 25 and a couple for vnc, but everything else is
blocked
> at the firewall and yet my server seems to be rejecting login attempts
on
> other ports because of incorrect usernames and passwords.
>
>
if you firewall blocks anything other then this could it be possible
that something else on the network is doing this or rerouting somehow?
Ps. that messages is still a lot better then seeing that some one
managed to login that you don't know about.
Gareth Ablett
Systems Developer
ITP Services Ltd.
http://www.itpserve.co.uk/
------------------------------------------------------------------------
The recipient acknowledges that ITP Services Ltd is unable to control
the content of information in transmitting mail and attachments over the
Internet. ITP Services Ltd makes no warranty as to the quality,
accuracy and content of information contained in or with this message.
In
reading, opening or receiving this e-mail the recipient accepts full
responsibility for its content and attachments.
More information about the Sussex
mailing list