i guess the surprising thing is that you haven't been getting these messages for years now. i've regularly been seeing fairly sophisticated ssh probes with a range of accounts from a variety of source address space. what's more, i've been seeing probes with plausible (non-root) account names for a couple of years now. OTPs are your friend. when last we saw our hero (Saturday, Aug 07, 2004), nate at refried.org was madly tapping out: > Has anyone else been getting these messages in their logs? It's > mostly attempts to log in as "guest" or "test" through SSH. > > On Tue, Jul 27, 2004 at 04:02:16PM -0000, logcheck at refried.org wrote: > > Security Events > > =-=-=-=-=-=-=-= > > Jul 27 10:26:22 candle sshd[4246]: Failed password for illegal > > user test from 61.109.156.5 port 3995 ssh2 {snipped - for brevity} > On Tue, Aug 03, 2004 at 06:02:15PM -0000, logcheck at refried.org wrote: > > Security Events > > =-=-=-=-=-=-=-= > > Aug 3 12:07:08 candle sshd[7004]: Failed password for illegal > > user test from 24.100.69.192 port 54042 ssh2 {snipped - for brevity} > On Fri, Aug 06, 2004 at 11:02:15PM -0000, logcheck at refried.org wrote: > > Security Events > > =-=-=-=-=-=-=-= > > Aug 6 17:45:13 candle sshd[24181]: Failed password for illegal > > user guest from 132.248.225.118 port 42021 ssh2 > On Sat, Aug 07, 2004 at 08:02:16AM -0000, logcheck at refried.org wrote: > > Security Events > > =-=-=-=-=-=-=-= > > Aug 7 02:32:54 candle sshd[29659]: Failed password for illegal > > user test from 61.19.212.18 port 55079 ssh2 {snipped - for brevity} -- steve ulrich sulrich at botwerks.org PGP: 8D0B 0EE9 E700 A6CF ABA7 AE5F 4FD4 07C9 133B FAFC _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list