[Tfug] Stopping repeated login attempts
Louis Taber
ltaber at gmail.com
Wed Jan 27 09:09:51 MST 2010
Hi again,
The place I noticed the attacks was in the auth.log. The attacks were every
few seconds. An example:
Jan 24 23:20:42 p4 sshd[29194]: Invalid user cailin from 118.121.64.226
Jan 24 23:20:43 p4 sshd[29196]: Invalid user marine from 118.121.64.226
Jan 24 23:20:47 p4 sshd[29200]: Invalid user jboss from 118.121.64.226
Jan 24 23:20:49 p4 sshd[29202]: Invalid user cailine from 118.121.64.226
Jan 24 23:20:50 p4 sshd[29204]: Invalid user marine from 118.121.64.226
Jan 24 23:20:54 p4 sshd[29208]: Invalid user postmaster from 118.121.64.226
Jan 24 23:20:56 p4 sshd[29210]: Invalid user caimile from 118.121.64.226
Jan 24 23:20:57 p4 sshd[29212]: Invalid user marine from 118.121.64.226
Jan 24 23:21:01 p4 sshd[29216]: Invalid user demo from 118.121.64.226
I changed the NAT entry on my router from port 22 to port 2222 and the
attacks stopped for for awhile. By the next day they were going strong
again.
I have little interest in having to set up VPN software on the remote
system. I like to be able to just download putty on some system and get
access.
I will probably try fail2ban or DenyHosts before I travel again. Right now
I just turned off the NAT service.
Thanks. - Louis
On Tue, Jan 26, 2010 at 9:36 AM, <earljviolet at deserthowler.com> wrote:
> I'm not sure which log files to search to find attacks. I look in syslog
> files. Is that the place?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20100127/2b6092af/attachment-0002.html>
More information about the tfug
mailing list