On Wed, Aug 06, 2003 at 05:56:47PM +0200, Thijs Welman wrote: > Alan James wrote: > >Maybe they brute forced the root password ? Do you have > >"PermitRootLogin yes" in sshd_config ? > > No, i didn't at that moment. But there's no sign of an succesfull root > login. Not in ps aux, not in netstat and no ssh traffic other than my > own session in tcpdump. I guess a brute-force would show up in the ssh > logfiles. Only thing there is four times "Did not receive identification > string". sshd logs IP addresses of connections. Was the IP address for those did not receive id connections inside your site, or does it belong to an ISP somewhere, or what? If it's a local address, and not a computer lab, that might give you some clues about whose door to knock on... -- #define X(x,y) x##y Peter Cordes ; e-mail: X(peter@cor , des.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC
Attachment:
pgpqv336QMhjv.pgp
Description: PGP signature