[BUGS] Constant SSH login spam
Sunnz
sunnzy at gmail.com
Mon Feb 4 04:43:51 EST 2008
2008/2/4, Jerahmy Pocott <quakenet1 at optusnet.com.au>:
> Hey,
>
> Is anyone else seeing massive amounts of SSH login attempts on their
> servers? Is there some recent SSH vulnerability that I didn't hear
> about? My firewall here is constantly blocking connections, around 200
> or so per day.. Then on a server that actually allows remote ssh
> connections I get security log files going into the megabytes listing
> things like:
>
> Feb 3 03:31:57 beastie sshd[65656]: Invalid user a from 190.76.248.24
> Feb 3 03:32:00 beastie sshd[65658]: Invalid user b from 190.76.248.24
> Feb 3 03:32:02 beastie sshd[65660]: Invalid user c from 190.76.248.24
>
> Going through millions of names and this server requires an RSA key
> pair to connect, yet they keep trying for hours and hours on end.. Is
> there some sort of virus/botnet thing that does this automatically
> trying to harvest logins and spread? It just seems too stupid even be
> a person using some script..
>
While it is always a good idea to keep your system and security errata
up to date, it is not very likely that there is an actual SSH bug and
believe it or not, stupid mindless bots run by script kiddies are
everywhere... like there was a thread about this a few weeks ago on
the misc at openbsd list:
http://marc.info/?l=openbsd-misc&m=120000725614695&w=2
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
More information about the BUGS
mailing list